From: "Dharmendra.T" <dharmu@nsecure.net>
To: Jun Sun <jsun@junsun.net>
Cc: netfilter@lists.netfilter.org
Subject: Re: Any holes in this firewall script?
Date: 05 Jun 2003 10:12:21 +0530
Message-ID: <1054788173.1063.3.camel@india>
In-Reply-To: <20030604081501.A3411@gateway.junsun.net>

Hi Jun,
What about the destination IPs? These rules will allow from internal to
any of the destination and external to any of the internal IPs, which is
of course dangerous. So I do suggest you define the rules for the
destinations also (-d). And do not allow all the protocols.

Regards
Dharmendra T.
On Wed, 2003-06-04 at 20:45, Jun Sun wrote:

    On Wed, Jun 04, 2003 at 11:12:37AM +0530, Dharmendra.T wrote:
    > Yes, but after that you are allowing everything from all the
    > interfaces.  Which is not recommended to do so.
    >
    
    Eh?  Which rules allow everything from all interfaces?
    
    I have the following, which only allows packets with the right
    IP address range from the internal interface and lo:
    
    $IPTABLES -A INPUT -p ALL -i $INTIF -s $INTLAN -j ACCEPT
    $IPTABLES -A INPUT -p ALL -i $LOIF -s $LOIP -j ACCEPT
    $IPTABLES -A INPUT -p ALL -i $LOIF -s $INTIP -j ACCEPT
    $IPTABLES -A INPUT -p ALL -i $LOIF -s $EXTIP -j ACCEPT
    
    Jun

-- 
Regards
Dharmendra.T
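
The check suggested in the reply above, as an added example that is not part of the original message or of the poster's firewall script: a small shell function that flags ACCEPT rules with no `-d` match or with no protocol limit. The fifth sample rule (destination `$INTIP`, TCP port 22) and the name `audit_rules` are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample: the four INPUT rules quoted in the thread plus one
# hypothetical tightened rule (destination $INTIP and port 22 are assumptions).
SAMPLE_RULES='$IPTABLES -A INPUT -p ALL -i $INTIF -s $INTLAN -j ACCEPT
$IPTABLES -A INPUT -p ALL -i $LOIF -s $LOIP -j ACCEPT
$IPTABLES -A INPUT -p ALL -i $LOIF -s $INTIP -j ACCEPT
$IPTABLES -A INPUT -p ALL -i $LOIF -s $EXTIP -j ACCEPT
$IPTABLES -A INPUT -p tcp -i $INTIF -s $INTLAN -d $INTIP --dport 22 -j ACCEPT'

# audit_rules (hypothetical helper): read rule lines on stdin and print one
# finding for each ACCEPT rule with no -d match or with no protocol limit.
audit_rules() {
    n=0
    while IFS= read -r line; do
        n=$((n + 1))
        case " $line " in
            *" -j ACCEPT "*) ;;      # only ACCEPT rules widen access
            *) continue ;;
        esac
        has_dst=no
        proto=all                    # iptables matches every protocol without -p
        set -f                       # split into words without glob expansion
        set -- $line
        set +f
        while [ $# -gt 0 ]; do
            case "$1" in
                -d|--destination|--dst) has_dst=yes ;;
                -p|--protocol) if [ $# -ge 2 ]; then proto=$2; fi ;;
            esac
            shift
        done
        if [ "$has_dst" = no ]; then
            printf 'rule %d: ACCEPT with no -d destination\n' "$n"
        fi
        case "$proto" in
            [Aa][Ll][Ll]|0) printf 'rule %d: ACCEPT for all protocols\n' "$n" ;;
        esac
    done
    return 0
}

# Stand-alone run over the sample rules.
printf '%s\n' "$SAMPLE_RULES" | audit_rules
```

Run against the sample, the four quoted rules each produce both findings and the tightened rule produces none.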


This message is intended for the addressee only. It may contain
privileged or Confidential information. If you have received this
message in error,please notify the sender and destroy the message
immediately.Unauthorised use or reproduction of this message is strictly
prohibited.

[-- Attachment #2: Type: text/html, Size: 2567 bytes --]

      reply	other threads:[~2003-06-05  4:42 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2003-06-04  1:08 Any holes in this firewall script? Jun Sun
2003-06-04  5:00 ` Dharmendra.T
2003-06-04  5:05   ` Jun Sun
2003-06-04  5:42     ` Dharmendra.T
2003-06-04 15:15       ` Jun Sun
2003-06-05  4:42         ` Dharmendra.T [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1054788173.1063.3.camel@india \
    --to=dharmu@nsecure.net \
    --cc=jsun@junsun.net \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.