List: fedora-list
Subject: Re: IPTABLES doesn't work
From: Luciano Miguel Ferreira Rocha <strange () nsk ! no-ip ! org>
Date: 2004-01-31 16:58:02
Message-ID: 20040131165802.GA3088 () nsk ! no-ip ! org
On Fri, Jan 30, 2004 at 12:13:18PM +0100, Alexander Dalloz wrote:
> > /sbin/modprobe ip_conntrack_ftp &> /dev/null
>
> modprobe has the parameter "-q" to be quiet.
Thanks, I didn't know.
> > /sbin/iptables -F
> > /sbin/iptables -X
> > /sbin/iptables -P FORWARD DROP
> > /sbin/iptables -P INPUT DROP
>
> To set policies to DROP and have no final REJECT rule is bad. DROP is no
> good general rule.
That's a matter of opinion, but for completeness I do use rejects, but I tried
to simplify the script:
/sbin/iptables -A INPUT -p TCP -m limit --limit 20/minute -j REJECT --reject-with tcp-reset
/sbin/iptables -A INPUT -p UDP -m limit --limit 20/minute -j REJECT --reject-with icmp-port-unreachable
(I don't like the default reject method.)
Regards,
Luciano Rocha
--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
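
Added example, not part of the original message: a simplified Python model of the `limit` match used in the two REJECT rules above, showing which packets get the REJECT and which fall through to the `INPUT` policy of DROP set in the quoted script. It assumes the iptables default `--limit-burst` of 5; the names `LimitMatch` and `verdicts` and the packet timings are constructed for illustration.

```python
# Simplified token-bucket model of "-m limit --limit 20/minute".
# Assumption: --limit-burst is left at the iptables default of 5.
# The kernel tracks credit in integer units; floats are used here for clarity.


class LimitMatch:
    def __init__(self, per_minute=20, burst=5):
        self.rate = per_minute / 60.0   # credits regained per second
        self.burst = burst
        self.credit = float(burst)      # bucket starts full
        self.last = 0.0

    def matches(self, now):
        """Return True if a packet arriving at `now` (seconds) matches the rule."""
        elapsed = now - self.last
        self.credit = min(self.burst, self.credit + elapsed * self.rate)
        self.last = now
        if self.credit >= 1.0:
            self.credit -= 1.0
            return True
        return False


def verdicts(arrival_times, per_minute=20, burst=5, policy="DROP"):
    """Verdict per packet: REJECT while the limit matches, else the chain policy."""
    rule = LimitMatch(per_minute, burst)
    return ["REJECT" if rule.matches(t) else policy for t in arrival_times]


if __name__ == "__main__":
    # Constructed sample: 30 packets to closed ports within one second.
    fast = verdicts([i / 30 for i in range(30)])
    print("30 packets in 1s :", fast.count("REJECT"), "REJECT,",
          fast.count("DROP"), "DROP")

    # Constructed sample: one packet every 3 seconds (exactly 20/minute).
    steady = verdicts([3.0 * i for i in range(30)])
    print("1 packet per 3s  :", steady.count("REJECT"), "REJECT,",
          steady.count("DROP"), "DROP")
```

Each of the two rules keeps its own bucket, so TCP and UDP traffic are limited independently.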