On Wed, 2004-10-27 at 13:56 -0400, James Kosin wrote: > You don't give iptables a chance. It is a very powerful feature. With > proper setup you can allow unfeathered access to your server on your > network alone and deny access (or restrict) everyone else. > My dear James, the problem is that you are misunderstanding me... or that I am not explaining myself, but if I write longer posts people bitch that I overload their quotas. <grin> I do use iptables... see Shorewall (http://www.shorewall.net). I do take advantage of every piece of it I can, and Shorewall makes it easy for me. What I was describing is an *additional* measure of protection... since iptables cannot protect you from attacks on open ports (like 22 or 80, if you offer those services), then leave an "open" but redirected port as bait so that you can catch (and banish) anyone who touches them. I am in no way saying that the basic iptables firewall is bad; far from it! What I am saying is that such a simple setup is good but one can do *more* to protect the system if the time, effort, and cycles are available to do some extra work. Read over my long post again, carefully. I think you'll like the additional level of protection that this offers you: the point being that, if the guy is going to probe your 22 and 80, he's also likely to try your 1080 and 8080... so when he touches those you zap him, and hopefully make him lose interest when he has to wait two days to send *any* packets to your machine. Cheers, -- Rodolfo J. Paiz <rpaiz@xxxxxxxxxxxxxx>
Attachment:
signature.asc
Description: This is a digitally signed message part
