gentoo iptables information

Ralph W. Reid rreid at sunset.net
Sat Dec 2 12:46:25 EST 2006


Actually, the rules defined by iptables are processed in the order in
which they are appended (assuming they are simply appended, and not
inserted or plugged in at specific locations in the list of defined
rules).  On my systems, the very last thing I do is log and then drop
things which were not handled by earlier rules, and I am definitely
not locked out of my systems.  Using this technique (dropping
everything after certain things are allowed) _can_ certainly lock one
out of a system if the necessary things are not all allowed before the
default 'DROP' rule(s) are reached, but I _carefully_ use this
technique so I can log more information for later examination.

Have a _great_ day!

On Fri, Dec 01, 2006 at 11:16:32PM -0500, Jude DaShiell wrote:
> I finally found how to search for useful gentoo iptables information and 
> it's something those new to iptables won't think obvious.  The trick is to 
> search for gentoo netfilter tutorial OR howto on google.com.  netfilter 
> appears to be the larger project encompassing iptables and ipchains and 
> ip6tables.  The other tip on reading stuff about iptables on the web is to 
> remember with firewalls you close everything down first then open up 
> certain specific access paths.  You will find misinformation on the web 
> advocating setting up specific access paths first then denying everything 
> else.  It doesn't work that way according to peter.youssef at navy.mil, 
> denying everything as the last rule in a firewall breaks all specific 
> access paths you defined in earlier rules and leaves you with a closed 
> system.  Cybercrackers can and do write web pages too.
> 
> 
> 
> _______________________________________________
> Speakup mailing list
> Speakup at braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup

-- 
Ralph.  N6BNO.  Wisdom comes from central processing, not from I/O.
rreid at sunset.net  http://personalweb.sunset.net/~rreid
...passing through The City of Internet at the speed of light!
TAN (x) = SIN (x) / COS (x)
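The ordering Ralph describes (allow what is needed, then log, then drop as the very last rules) is easy to get wrong when a rule is added out of sequence. The script below is an added example, not code from either poster; it builds an INPUT chain in that order and defaults to a dry run (IPT set to "echo iptables") so it can be read and tested without root. The SSH port, the ADMIN_NET prefix (a documentation range) and the log prefix are assumptions for illustration; set IPT=iptables to apply it for real.

```shell
#!/bin/sh
# Added example: INPUT chain built in the order described in the thread,
# with the catch-all LOG and DROP rules appended last.
# Defaults to a dry run; run as "IPT=iptables sh thisfile" to apply.
IPT="${IPT:-echo iptables}"
SSH_PORT="${SSH_PORT:-22}"              # assumption: ssh is the service to keep reachable
ADMIN_NET="${ADMIN_NET:-192.0.2.0/24}"  # assumption: documentation prefix, replace it

input_rules() {
    # Set the policy to ACCEPT before flushing: flushing while the policy is
    # DROP closes the chain completely until the rules are re-added.
    $IPT -P INPUT ACCEPT
    $IPT -F INPUT
    # 1. Loopback first; local daemons talking to each other need it.
    $IPT -A INPUT -i lo -j ACCEPT
    # 2. Replies to connections this host opened, and related traffic
    #    such as ICMP errors, so outbound use keeps working.
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # 3. Packets the connection tracker cannot classify.
    $IPT -A INPUT -m conntrack --ctstate INVALID -j DROP
    # 4. The management path. Everything that must stay open goes here,
    #    above the catch-all rules.
    $IPT -A INPUT -p tcp -s "$ADMIN_NET" --dport "$SSH_PORT" \
        -m conntrack --ctstate NEW -j ACCEPT
    # 5. Log what nothing above matched, rate-limited so a scan or flood
    #    cannot fill the log partition.
    $IPT -A INPUT -m limit --limit 5/min --limit-burst 10 \
        -j LOG --log-prefix "INPUT-DROP: " --log-level 4
    # 6. Only now drop the rest. Anything appended after this line is
    #    never reached, which is the lockout the thread warns about.
    $IPT -A INPUT -j DROP
}

input_rules
```

When applying this over a remote session, keep a way back: save the working ruleset with iptables-save first and schedule an iptables-restore of it a few minutes later (for example with at or a backgrounded sleep) that you cancel once the new rules are confirmed to let you in. The dry-run output also makes it easy to check that the final "-j DROP" is the last line and that the ssh ACCEPT sits above it.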