On Tue, 2006-07-18 at 06:10 +0200, kmartin wrote:

> wow it works. that -D was the initial problem. i figured what i was
> typing would MAKE the rule. was guessing -D was for disallow or
> something...

No need to guess, there are man files that explain it. You really do need to read how to do something on a computer, rather than just fiddle around, otherwise you're going to create problems. Please read the man file for "rm" before you use that command.

> so the rule was added but then when i logged in as that user, after
> entering the password it would hang for around 5 minutes before
> showing the desktop! i removed the rule w/ -D and it logged in fine.
> since the redhat notification icon couldn't connect to the internet, i
> removed that, then -A the rule. still hung.

Yes, a prolonged wait is a problem you'll get with using DROP instead of REJECT. Whatever tries to make a connection will wait until it gets a response, *eventually* timing out when it doesn't get one. It's not going to get a response with a DROP rule, and the wait can be very long. If you'd used a REJECT rule, it would have failed instantly.

Your vague rule would have dropped all outgoing traffic, which could include things that work on the same box (outgoing doesn't necessarily mean leaving the box, you can have outgoing connections on localhost). You want to be more specific (such as applying the rule to a particular interface, e.g. eth0, or a range of ports). If you have a system with centralised user authentication, you can't blandly block all traffic on the network, you have to make a proper distinction between internal and external.

-- 
(Currently running FC4, occasionally trying FC5.)

Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists.
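The broad DROP rule from the thread beside a narrower REJECT ruleset, as an added example that is not part of the original message. It assumes the Internet-facing interface is eth0 (the one named above) and that HTTP and HTTPS are the outbound services being blocked; the `APPLY` variable and the `run` wrapper are constructed for this script, so by default the commands are only printed for review and are executed only when `APPLY=1` is set by root.

```shell
#!/bin/sh
# Added example, not the list poster's own script.
# Assumes: external interface eth0; outbound 80/443 are the ports to block.
# Without APPLY=1 the iptables commands are printed, not executed.

run() {
    echo "$*"
    [ "${APPLY:-0}" = "1" ] && "$@"
    return 0
}

# What the rule in the thread amounted to: every outgoing packet on every
# interface, loopback included, silently discarded. Local clients (even the
# desktop talking to daemons on 127.0.0.1) wait out their full timeouts.
broad_drop_rules() {
    run iptables -A OUTPUT -j DROP
}

# The narrower version: keep loopback and already-established flows working,
# scope the block to the external interface, and answer with REJECT so the
# caller gets an immediate connection error instead of a multi-minute hang.
narrow_reject_rules() {
    iface="${1:-eth0}"
    run iptables -A OUTPUT -o lo -j ACCEPT
    run iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # TCP gets a RST, so the client's connect() fails at once.
    run iptables -A OUTPUT -o "$iface" -p tcp -m multiport --dports 80,443 \
        -j REJECT --reject-with tcp-reset
    # Anything else on that interface gets an ICMP error, likewise immediate.
    run iptables -A OUTPUT -o "$iface" -j REJECT --reject-with icmp-port-unreachable
}

# Review helper: how many rules in a ruleset would still silently DROP?
# A ruleset that avoids the hang described in the thread should report 0.
count_drop_rules() {
    "$1" | grep -c ' -j DROP' || true
}
```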