-
October 17th, 2002, 11:49 AM
#1
Junior Member
Iptables question
Hello pps
How secure would this be:
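# flush all rules and delete user-defined chains
$iptables -F
$iptables -X
# set the default policy of every built-in chain to DROP
$iptables -P INPUT DROP
$iptables -P OUTPUT DROP
$iptables -P FORWARD DROP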
If this is the only thing in my iptables script,
is it possible to get any kind of connection to my computer (without stopping iptables)?
I'd appreciate any thoughts on this.
Te audire no possum. Musa sapientum fixa est in aure.
-
October 17th, 2002, 02:02 PM
#2
Member
That setup of yours literally drops any connection, even the connections originating from your own machine. However, having a default chain policy of DROP/REJECT is good, and after that you have to explicitly add rules that will permit connections from trusted machines (even your own machine). Hope that answers your question.
with regards
scorpion..
-
October 18th, 2002, 01:45 AM
#3
That doesn't just drop all connections...I'm reasonably sure that drops all packets. But with rules like that, why not just unplug the modem/ethernet card?
Elen alcarin ar gwath halla ná engwar.
-
October 21st, 2002, 04:31 AM
#4
Junior Member
Originally posted here by thesecretfire
That doesn't just drop all connections...I'm reasonably sure that drops all packets. But with rules like that, why not just unplug the modem/ethernet card?
Would that script be just as secure as unplugging the network?
Te audire no possum. Musa sapientum fixa est in aure.
-
October 21st, 2002, 06:01 AM
#5
Pretty much. Nothing can make any connection to the machine from the WAN side or the LAN side, so I'd say it's pretty effectively off the network.
If you want the machine to accept any connections and function as part of your network, you'll need to add some rules to permit those connections.
Do what you want with the girl, but leave me alone!
-
October 21st, 2002, 09:35 AM
#6
Well, I suppose you can't really get much more secure than that, can you? Maybe a little impractical if you actually want to use the computer in a network. It's probably a good start to a script though: deny everything, then allow connections till your setup works.
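The "deny everything, then allow connections" approach suggested in this thread, written out as an added example that is not part of any post. The trusted network 192.0.2.0/24, the SSH port and the IPT dry-run variable are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: default-deny baseline plus a minimal set of allow rules.
# Dry run by default: IPT prints each command instead of executing it.
# To apply for real, run as root with IPT=/sbin/iptables (path is an assumption).
IPT="${IPT:-echo iptables}"
TRUSTED_NET="${TRUSTED_NET:-192.0.2.0/24}"   # assumed admin network (documentation range)
SSH_PORT="${SSH_PORT:-22}"                   # assumed management port

apply_ruleset() {
    # Start from a clean state: flush rules, delete user-defined chains.
    $IPT -F
    $IPT -X

    # Default policy for every built-in chain. Note the uppercase -P:
    # lowercase -p is the protocol match and does not set a policy.
    $IPT -P INPUT DROP
    $IPT -P OUTPUT DROP
    $IPT -P FORWARD DROP

    # Loopback traffic, so local services can talk to each other.
    $IPT -A INPUT  -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT

    # Packets belonging to connections that were already permitted.
    $IPT -A INPUT  -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # New connections initiated by this machine.
    $IPT -A OUTPUT -m conntrack --ctstate NEW -j ACCEPT

    # The only inbound service: SSH, and only from the trusted network.
    $IPT -A INPUT -p tcp -s "$TRUSTED_NET" --dport "$SSH_PORT" \
         -m conntrack --ctstate NEW -j ACCEPT
}

apply_ruleset
```

These rules cover IPv4 only; ip6tables keeps its own tables and needs an equivalent ruleset. Apply from a local console, since the DROP policies take effect before the allow rules are added.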
-
October 21st, 2002, 04:06 PM
#7
Junior Member
Thanks for your help
Te audire no possum. Musa sapientum fixa est in aure.