Doubt about ADSL security.

Alexander Dalloz alexander.dalloz at uni-bielefeld.de
Fri Sep 3 16:24:57 UTC 2004


On Fri, 03.09.2004, at 14:35, Cassius V. de Magalhaes wrote:

> Following is the iptables rule configuration:
> "# Firewall configuration written by system-config-securitylevel
> # Manual customization of this file is not recommended.
> *filter
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> :RH-Firewall-1-INPUT - [0:0]
> -A INPUT -j RH-Firewall-1-INPUT
> -A FORWARD -j RH-Firewall-1-INPUT
> -A RH-Firewall-1-INPUT -i lo -j ACCEPT
> -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
> -A RH-Firewall-1-INPUT -p 50 -j ACCEPT
> -A RH-Firewall-1-INPUT -p 51 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
> COMMIT"
> 
> Is the RH-Firewall-1-INPUT a chain?

Yes.

> The system-config-securitylevel is so basic, could I change it manually?

You can. But:

"# Manual customization of this file is not recommended."

So be sure you do fully understand what you are doing. Read very
carefully the www.netfilter.org documentation about netfilter/iptables.

If you do something wrong in the /etc/sysconfig/iptables file the whole
service will not start any more, besides the risk you open up holes in
the wall.

> Does the above configuration protect me from anything?

From "anything"? No, certainly not.

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 2 (Tettnang) kernel 2.6.8-1.521smp 
Serendipity 18:21:24 up 4 days, 15:38, load average: 1.65, 2.12, 1.94 
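
An added example, not part of the original message: an offline structural check for an iptables-save style file such as /etc/sysconfig/iptables, catching the kind of hand-editing mistake the reply warns about (a mistyped chain name, a missing COMMIT). The names `lint_ruleset`, `KNOWN_TARGETS` and `QUOTED_RULESET` are hypothetical, and the check looks only at structure, not at whether the rules are a sound policy.

```python
import shlex

# Assumption: a short target list for the filter table; add extension targets you use.
KNOWN_TARGETS = {"ACCEPT", "DROP", "REJECT", "RETURN", "LOG", "QUEUE"}

# The ruleset quoted in the message, embedded so the check runs offline.
QUOTED_RULESET = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def lint_ruleset(text):
    """Return (line_number, message) for each structural problem found."""
    problems, table, chains = [], None, set()
    for no, line in enumerate(map(str.strip, text.splitlines()), 1):
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):            # start of a table section
            table, chains = line[1:], set()
        elif table is None:
            problems.append((no, "line outside a *table ... COMMIT section"))
        elif line == "COMMIT":
            table = None
        elif line.startswith(":"):          # chain declaration
            chains.add(line[1:].split()[0])
        elif line.startswith("-A "):
            words = shlex.split(line)
            if words[1] not in chains:
                problems.append((no, "rule appended to undeclared chain " + words[1]))
            for flag, target in zip(words, words[1:]):
                if flag in ("-j", "-g") and target not in chains | KNOWN_TARGETS:
                    problems.append((no, "jump to unknown target " + target))
        else:
            problems.append((no, "unrecognised line"))
    if table is not None:
        problems.append((no, "table " + table + " has no COMMIT"))
    return problems
```

On a host with iptables installed, `iptables-restore --test < /etc/sysconfig/iptables` parses the file without committing it and is the authoritative check before restarting the service.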