On Mon, 2005-11-21 at 11:24 -0800, Josh Coffman wrote:
> Using the security applet, I checked the check box for eth0 to
> trust that network interface. In thinking about it, I wanted to make
> sure that it doesn't then bypass my iptables rules.

Yes, it pretty much does. If you had, say, PPP to the internet and ETH to your LAN, you'd trust your ETH connection, and your LAN could do most things it wanted to without the firewall in the way. On the other hand, the PPP network being untrusted would only allow through the specific services that you tick as being trusted (e.g. a webserver).

You only tick the networks that you trust as being wholly trustworthy, and the services that you trust for public access.

> It's behind a NAT/router via cat5. The wireless is wep-128 with MAC
> filter and hidden ESSID. So it's low risk, but I want to be sure

Being behind a NAT router ought to protect you quite a bit. But anything on a wireless network is a bit of a risk. MAC filtering is useless, by the way. That takes mere moments to subvert.

--
Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists.