From mboxrd@z Thu Jan 1 00:00:00 1970 From: Remo Mattei Subject: Re: hi guys passive firewall Date: Sun, 07 Jul 2002 09:26:35 -0600 Sender: netfilter-admin@lists.samba.org Message-ID: <3D285DAB.9010908@remo.ws> References: <3D27B365.2050705@remo.ws> <20020707080609.TFPL23840.mta03-svc.ntlworld.com@there> Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="------------050308070701020209090201" Return-path: Errors-To: netfilter-admin@lists.samba.org List-Help: List-Post: List-Subscribe: , List-Id: List-Unsubscribe: , List-Archive: To: Antony Stone , netfilter --------------050308070701020209090201 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Antony Stone wrote: >On Sunday 07 July 2002 4:20 am, Remo Mattei wrote: > >>I have an office with 64 ips which are all valid. I have some server >>that do not need any security enable. >> > >Oh yeah ? What kind of servers are those, then ? How come they're not >vulnerable to anything and therefore don't need any security :-) ? > I guess I should say that the server itself have a firewall not that do not need any security on them!!! > >>But I do have other that I will >>have to firewall down any suggestions? Will all rules come in into the >>input chains and then forward all other packages work. >> > >Depends whether you're talking about putting netfilter onto the server itself >(in which case you filter the INPUT chain), or whether netfilter is on a >router between the servers and the Internet (in which case you filter the >FORWARD chain). > So I guess since the anwser is above I just will use the forward and let everything pass in the input. Thanks anthony > > >Antony. > --------------050308070701020209090201 Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: 7bit

Antony Stone wrote:

On Sunday 07 July 2002 4:20 am, Remo Mattei wrote:

I have an office with 64 ips which are all valid. I have some server
that do not need any security enable.


Oh yeah ?   What kind of servers are those, then ?   How come they're not 
vulnerable to anything and therefore don't need any security :-) ?

I guess I should say that the server itself have a firewall not that do not need any security on them!!!

But I do have other that I will
have to firewall down any suggestions? Will all rules come in into the
input chains and then forward all other packages work.


Depends whether you're talking about putting netfilter onto the server itself 
(in which case you filter the INPUT chain), or whether netfilter is on a 
router between the servers and the Internet (in which case you filter the 
FORWARD chain).

So I guess since the anwser is above I just will use the forward and let everything pass in the input.

Thanks anthony

 

Antony.

--------------050308070701020209090201--