On Thu, 2004-01-29 at 23:46, smoothmilk wrote:
> heh, considering that RH includes this tool and it doesn't work out of
> the box, I'd say it should be a concern to the people who could possibly
> fix that, perhaps those people read this list. I mean, when you install
> fedora/redhat, it says do you want a firewall? If you choose yes, (which I
> did) it's not going to do anything--even something very very simple like
> deny all incoming new connections.
>
> The following are what I have with only ftp allowed and eth0 trusted..

Think about that. Eth0 is trusted... Now, look at this...

> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]

...it's doing *EXACTLY WHAT YOU TOLD IT TO DO*. It's not broken -- you
don't know what you're doing. There's a difference.

If you trust eth0, then any traffic to or from eth0 will automatically
be trusted. That trumps all the rules you've put in place before. That
seems pretty obvious to me.

--
Ben Steeves                    _    bcs@xxxxxxxxxx
The ASCII ribbon campaign     ( )   ben.steeves@xxxxxx
against HTML e-mail            X    GPG ID: 0xB3EBF1D9
http://www.metacon.ca/ascii   / \   Yahoo Messenger: ben_steeves
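
The effect described in the reply above, where an unconditional accept on a trusted interface ends rule traversal before any later rule is consulted, can be checked mechanically. The following is an added example, not part of the original message: the ruleset is a constructed sample in iptables-save format (the thread shows only the chain policies), and the function names are hypothetical.

```python
import shlex

TERMINAL = {"ACCEPT", "DROP", "REJECT"}

# Constructed sample in iptables-save format (not the ruleset from the thread).
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def parse_rules(text, chain):
    """Return the chain's rules in order as (line, in_iface, target, other)."""
    rules = []
    for line in text.splitlines():
        tok = shlex.split(line)
        if len(tok) < 2 or tok[0] != "-A" or tok[1] != chain:
            continue
        iface, target, other, i = None, None, [], 2
        while i < len(tok):
            if tok[i] in ("-i", "--in-interface") and i + 1 < len(tok):
                iface, i = tok[i + 1], i + 2
            elif tok[i] in ("-j", "--jump") and i + 1 < len(tok):
                target, i = tok[i + 1], i + 2
            else:  # any other match or option makes the rule conditional
                other.append(tok[i])
                i += 1
        rules.append((line, iface, target, other))
    return rules

def unreachable_for(text, chain, iface):
    """Find the first rule that matches every packet arriving on `iface` and
    ends traversal; return it with the later rules such packets never reach."""
    rules = parse_rules(text, chain)
    for idx, (line, rule_if, target, other) in enumerate(rules):
        if rule_if in (None, iface) and not other and target in TERMINAL:
            later = [r[0] for r in rules[idx + 1:] if r[1] in (None, iface)]
            return line, later
    return None, []

if __name__ == "__main__":
    catch_all, dead = unreachable_for(SAMPLE, "INPUT", "eth0")
    print("catch-all:", catch_all)
    for rule in dead:
        print("never reached from eth0:", rule)
```

Target options such as `--reject-with` are treated as conditions, so the check errs toward not reporting a rule as a catch-all; it also inspects a single chain and does not follow jumps into user-defined chains.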