Re: IPTABLES doesn't work

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: fedora-list@xxxxxxxxxx
Subject: Re: IPTABLES doesn't work
From: Luciano Miguel Ferreira Rocha <strange@xxxxxxxxxxxxx>
Date: Sat, 31 Jan 2004 16:58:02 +0000
In-reply-to: <[email protected]>
References: <[email protected]> <[email protected]> <[email protected]> <[email protected]>
Reply-to: fedora-list@xxxxxxxxxx
Sender: fedora-list-admin@xxxxxxxxxx
User-agent: Mutt/1.4.1i

On Fri, Jan 30, 2004 at 12:13:18PM +0100, Alexander Dalloz wrote:
> > /sbin/modprobe ip_conntrack_ftp &> /dev/null
> 
> modprobe has the parameter "-q" to be quiet.

Thanks, I didn't know.

> > /sbin/iptables -F
> > /sbin/iptables -X
> > /sbin/iptables -P FORWARD DROP
> > /sbin/iptables -P INPUT DROP
> 
> To set policies to DROP and have no final REJECT rule is bad. DROP is no
> good general rule.

That's a matter of opinion, but for completion I do use rejects, but I tried
to simplify the script:

/sbin/iptables -A INPUT -p TCP -m limit --limit 20/minute -j REJECT --reject-with tcp-reset
/sbin/iptables -A INPUT -p UDP -m limit --limit 20/minute -j REJECT --reject-with icmp-port-unreachable

(I don't like the default reject method.)

Regards,
Luciano Rocha

Follow-Ups:
- Re: IPTABLES doesn't work
  - From: Alexander Dalloz

References:
- IPTABLES doesn't work
  - From: smoothmilk
- Re: IPTABLES doesn't work
  - From: Luciano Miguel Ferreira Rocha
- Re: IPTABLES doesn't work
  - From: Alexander Dalloz

Prev by Date: Re: updating to rawhide
Next by Date: Re: IPTABLES doesn't work
Previous by thread: Re: IPTABLES doesn't work
Next by thread: Re: IPTABLES doesn't work
Index(es):
- Date
- Thread

[Index of Archives] [Current Fedora Users] [Fedora Desktop] [Fedora SELinux] [Yosemite News] [Yosemite Photos] [KDE Users] [Fedora Tools] [Fedora Docs]

Powered by Linux