Linux Netfilter discussions
* How to stop imesh with iptables
  2003-06-04 20:18 [Fwd: Re: [netfilter-core] iptables/conntrack in enterprise environment.] Preston A. Elder
@ 2003-06-10 17:29 ` Fernando La Gamba
  0 siblings, 0 replies; 7+ messages in thread
From: Fernando La Gamba @ 2003-06-10 17:29 UTC (permalink / raw)
  To: netfilter, coreteam

Hi, How to stop imesh with iptables?

Thanks!!

Fernando La Gamba



* RE: How to stop imesh with iptables
@ 2003-06-10 23:49 George Vieira
  2003-06-11 20:05 ` Kevin McConnell
  0 siblings, 1 reply; 7+ messages in thread
From: George Vieira @ 2003-06-10 23:49 UTC (permalink / raw)
  To: Fernando La Gamba, netfilter

Argh these P2P software... What ports does it use? Did you research its protocol so you can block its commands to the server/users?

Have you googled for any information about it?

Thanks,
____________________________________________
George Vieira
Systems Manager
georgev@citadelcomputer.com.au

Citadel Computer Systems Pty Ltd
http://www.citadelcomputer.com.au

Phone   : +61 2 9955 2644
HelpDesk: +61 2 9955 2698
 


* RE: How to stop imesh with iptables
  2003-06-10 23:49 How to stop imesh with iptables George Vieira
@ 2003-06-11 20:05 ` Kevin McConnell
  2003-06-11 21:30   ` David Busby
  2003-06-12 13:08   ` Thomas Kirk
  0 siblings, 2 replies; 7+ messages in thread
From: Kevin McConnell @ 2003-06-11 20:05 UTC (permalink / raw)
  To: netfilter


--- George Vieira <georgev@citadelcomputer.com.au>
wrote:
> Argh these P2P software... What ports does it use?
> Did you research its protocol so you can block its
> commands to the server/users?

On a slightly OT note, just out of curiosity, am I
the only person that denies everything by default and
only allows the protocols through the firewall that I
feel people need to use? This keeps the average joe
from abusing bandwidth, but there will always be other
people who figure out how to pierce the FW using other
holes.



=====
Kevin C. McConnell --RHCE-- <Red Hat Certified Engineer>


* Re: How to stop imesh with iptables
  2003-06-11 20:05 ` Kevin McConnell
@ 2003-06-11 21:30   ` David Busby
  2003-06-11 22:36     ` Gadgeteer
  2003-06-12 13:08   ` Thomas Kirk
  1 sibling, 1 reply; 7+ messages in thread
From: David Busby @ 2003-06-11 21:30 UTC (permalink / raw)
  To: Kevin McConnell, netfilter

As always:
    Depends on the requirements of the firewall.

/B


* Re: How to stop imesh with iptables
  2003-06-11 21:30   ` David Busby
@ 2003-06-11 22:36     ` Gadgeteer
  2003-06-12  0:45       ` Ramin Dousti
  0 siblings, 1 reply; 7+ messages in thread
From: Gadgeteer @ 2003-06-11 22:36 UTC (permalink / raw)
  To: netfilter

> From: "Kevin McConnell" <kevymac@yahoo.com>
> > am I
> > the only person that denies everything by default and
> > only allows the protocols through the firewall that I
> > feel people need to use? 

<rearranged nasty top post>

On Wednesday 11 June 2003 15:30, David Busby wrote:
> As always:
>     Depends on the requirements of the firewall.

I have yet to see a case made for other than default deny that was not full of 
holes     ....just like their firewalls 8-)

-- 
cheers,
Gadgeteer



* Re: How to stop imesh with iptables
  2003-06-11 22:36     ` Gadgeteer
@ 2003-06-12  0:45       ` Ramin Dousti
  0 siblings, 0 replies; 7+ messages in thread
From: Ramin Dousti @ 2003-06-12  0:45 UTC (permalink / raw)
  To: Gadgeteer; +Cc: netfilter

> > > am I the only person that denies everything by default and
> > > only allows the protocols through the firewall that I
> > > feel people need to use? 
> >
> > As always:
> >     Depends on the requirements of the firewall.
> 
> I have yet to see a case made for other than default deny that was not full
> of holes     ....just like their firewalls 8-)

There is no doubt that the default "deny" and just opening the services that
are "required" to be accepted is _the_ requirement of any sane firewall.

Ramin
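
The default-deny forwarding policy argued for in this thread, as an added example (not code posted by anyone on the list): a script that validates a port allowlist and prints the iptables commands for a FORWARD chain whose policy is DROP. The interface names `eth0`/`eth1`, the allowlist contents and the `FW-DENY: ` log prefix are assumptions.

```shell
#!/bin/sh
# Added example: print iptables commands for a default-deny FORWARD chain.
# LAN_IF, WAN_IF and ALLOW are assumptions, not values from the thread.
LAN_IF="${LAN_IF:-eth1}"   # inside interface (assumed)
WAN_IF="${WAN_IF:-eth0}"   # outside interface (assumed)
# Constructed sample allowlist: proto/port pairs LAN users may reach.
ALLOW="${ALLOW:-tcp/80 tcp/443 tcp/25 udp/53 tcp/53}"

gen_ruleset() {
    # Pass 1: validate every entry before printing anything, so a typo
    # never yields a half-built ruleset.
    for entry in $ALLOW; do
        proto=${entry%/*}
        port=${entry#*/}
        case "$proto" in
            tcp|udp) ;;
            *) echo "bad protocol in '$entry'" >&2; return 1 ;;
        esac
        case "$port" in
            ''|*[!0-9]*) echo "bad port in '$entry'" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range in '$entry'" >&2; return 1
        fi
    done

    # Pass 2: emit the rules. Policy first: anything not matched is dropped.
    echo "iptables -P FORWARD DROP"
    echo "iptables -F FORWARD"
    # Return traffic for connections that were allowed out.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for entry in $ALLOW; do
        echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -p ${entry%/*}" \
             "--dport ${entry#*/} -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Rate-limited log of what the policy is about to drop, for review.
    echo "iptables -A FORWARD -i $LAN_IF -m limit --limit 6/min" \
         "-j LOG --log-prefix 'FW-DENY: '"
}

gen_ruleset
```

With this policy a P2P client on an unlisted port is dropped without a rule naming it; a client that falls back to an allowed port such as 80 still passes, which is the limitation Kevin McConnell raises.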



* Re: How to stop imesh with iptables
  2003-06-11 20:05 ` Kevin McConnell
  2003-06-11 21:30   ` David Busby
@ 2003-06-12 13:08   ` Thomas Kirk
  1 sibling, 0 replies; 7+ messages in thread
From: Thomas Kirk @ 2003-06-12 13:08 UTC (permalink / raw)
  To: Kevin McConnell; +Cc: netfilter

On Wed, Jun 11, 2003 at 01:05:17PM -0700, Kevin McConnell wrote:

> On a slightly OT note, just out of curiosity, am I
> the only person that denies everything by default and
> only allows the protocols through the firewall that I
> feel people need to use? This keeps the average joe
> from abusing bandwidth, but there will always be other
> people who figure out how to pierce the FW using other
> holes.

Nope, that's the company policy where I work. Oh btw I'm the one that
formulates this policy ;-)

-- 
Venlig hilsen/Kind regards
Thomas Kirk
ARKENA
tlf/phone +4570233456
thomas(at)arkena(dot)com
Http://www.arkena.com


"Unfortunately, son, we Simpsons sometimes have to bend the rules
a little in order to hold our own." -- Homer Simpson

