Re: Network Security hole (was -> Re: arp bug )

From: Stevie O (stevie@qrpff.net)
Date: Sat Mar 02 2002 - 20:05:32 EST


At 04:49 PM 3/2/2002 -0800, erich@uruk.org wrote:

>Whoops, I am apparently using "ipchains" and not "iptables", and
>didn't note the distinction.
>
>Sorry about the spurious bug report here. :/

Yeah, I use 2.2.19 on my server (2.4.x is the most unstable 'stable series' I've ever seen..). ipchains is like this:

Incoming                                          Outgoing
interface                                         interface
  ----+                                              +------->
      |                                              ^
      v   +------------> forward -----------+        |
    input |                                 |----> output
          +----------> Application ---------+

I actually like it that way, it makes it easier to block things from the dsl ether (eth0):

ipchains -A input -i eth0 -d ! 66.92.237.176 -j DENY -l

With iptables I'd need that on both the INPUT *and* FORWARD rules...

--
Stevie-O

Real programmers use COPY CON PROGRAM.EXE
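
Added example, not part of the original message and not kernel code: a simplified model of the traversal described above, showing why one ipchains "input" rule covers forwarded traffic while iptables needs the rule on both INPUT and FORWARD. The names Packet, Rule, TRAVERSAL and verdict, and the routed destination 192.0.2.10, are assumptions made for illustration.

```python
from dataclasses import dataclass

# Filter chains a packet traverses, per firewall and routing decision.
# ipchains: every inbound packet hits "input", forwarded or not.
# iptables: a forwarded packet only hits FORWARD, never INPUT.
TRAVERSAL = {
    "ipchains": {"local": ["input"], "forwarded": ["input", "forward", "output"]},
    "iptables": {"local": ["INPUT"], "forwarded": ["FORWARD"]},
}

@dataclass(frozen=True)
class Packet:
    in_iface: str
    dst: str
    route: str      # "local" (delivered to this host) or "forwarded"

@dataclass(frozen=True)
class Rule:          # models only "-i IFACE -d ! ADDR -j VERDICT"
    chain: str
    in_iface: str
    not_dst: str     # rule matches when the destination is NOT this address
    verdict: str

def verdict(firewall, rules, pkt):
    """Walk the chains in order; first match per chain wins, default ACCEPT."""
    for chain in TRAVERSAL[firewall][pkt.route]:
        for r in rules:
            if r.chain == chain and r.in_iface == pkt.in_iface and pkt.dst != r.not_dst:
                if r.verdict != "ACCEPT":
                    return r.verdict
                break    # accepted by this chain, continue to the next one
    return "ACCEPT"

ADDR = "66.92.237.176"                                  # address from the post
IPCHAINS = [Rule("input", "eth0", ADDR, "DENY")]        # the rule from the post
IPTABLES_INPUT_ONLY = [Rule("INPUT", "eth0", ADDR, "DROP")]
IPTABLES_BOTH = IPTABLES_INPUT_ONLY + [Rule("FORWARD", "eth0", ADDR, "DROP")]

# Constructed sample packets arriving on eth0.
TO_SERVER = Packet("eth0", ADDR, "local")
ROUTED = Packet("eth0", "192.0.2.10", "forwarded")

if __name__ == "__main__":
    for name, fw, rules in [("ipchains input", "ipchains", IPCHAINS),
                            ("iptables INPUT only", "iptables", IPTABLES_INPUT_ONLY),
                            ("iptables INPUT+FORWARD", "iptables", IPTABLES_BOTH)]:
        print(f"{name:24} to-server={verdict(fw, rules, TO_SERVER):6} "
              f"routed={verdict(fw, rules, ROUTED)}")
```
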
