[PLUG] chat softwares

AthlonRob AthlonRob at axpr.net
Wed Dec 3 11:35:02 UTC 2003


On Wed, 2003-12-03 at 11:09, Jason Van Cleve wrote:

> Most iptables tutorials suggest you close all ports and open them as needed.  It's a better approach, and it should save you from chasing down unwanted traffic.

Your line wrapping is broken...

Most iptables tutorials suggest closing down all ports and opening them
as needed, yes... but they're usually talking about the INPUT
chain/table/whatever... so there is no chance you're listening on a port
you don't want to be listening on.

That is *not* the same thing as what Billy was looking for.  The
limitation mentioned above limits who can access you, not what you can
access.  Billy was looking (assuming he was talking about rules on a
gateway box) to limit what users of his network are able to access.
Defaulting to DROP, IMHO, would cause a bit of a pain in the neck.
You'd have to set rules for each individual port you wished users of
your network to have access to... and that list would get quite long
pretty quick.

I think it would be just as easy to just set up a SOCKS proxy in that
case, and deal with that, disabling all forwarding altogether.  That
would give you more control, I think.

I don't think that's worth it for most networks, though, as it's a royal
pain in the ass for everybody involved.

Rob
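
The three setups Rob contrasts above, as an added example that is not from the thread: an INPUT chain defaulting to DROP (controls what the gateway itself listens on), a FORWARD chain defaulting to DROP with one ACCEPT per service LAN users may reach (the list that "gets quite long"), and the alternative of no forwarding at all with only a SOCKS proxy port open on the gateway. Interface names (eth0 uplink, eth1 LAN), the port lists and the SOCKS port 1080 are assumptions. The script prints the iptables commands so they can be reviewed first and only runs them when invoked with "apply forward" or "apply socks".

```shell
#!/bin/sh
# Added example, not code from the PLUG thread.  Interface names, port
# lists and the SOCKS port are assumptions for illustration.

LAN_IF=eth1              # assumed: inside interface
WAN_IF=eth0              # assumed: uplink interface
INPUT_TCP_PORTS="22"     # assumed: what the gateway itself accepts from the LAN
FORWARD_TCP_PORTS="80 443 22 993"   # assumed: services LAN users may reach
FORWARD_UDP_PORTS="53 123"          # assumed: DNS and NTP out
SOCKS_PORT=1080          # assumed: proxy listening on the gateway

# INPUT default-DROP: what the tutorials mean.  Only affects who can talk
# *to* the gateway, not what the LAN can reach *through* it.
input_rules() {
    echo "iptables -P INPUT DROP"
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for p in $INPUT_TCP_PORTS; do
        echo "iptables -A INPUT -i $LAN_IF -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
}

# FORWARD default-DROP: what Billy was after.  Every service the LAN may
# use needs its own ACCEPT, so the list grows with each new protocol.
forward_rules() {
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for p in $FORWARD_TCP_PORTS; do
        echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    for p in $FORWARD_UDP_PORTS; do
        echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -p udp --dport $p -j ACCEPT"
    done
}

# SOCKS alternative: forward nothing, let the LAN reach only the proxy.
# Access control then lives in the proxy's own configuration.
socks_only_rules() {
    echo "sysctl -w net.ipv4.ip_forward=0"
    echo "iptables -P FORWARD DROP"
    echo "iptables -A INPUT -i $LAN_IF -p tcp --dport $SOCKS_PORT -m state --state NEW -j ACCEPT"
}

# Number of per-service FORWARD ACCEPT rules the allowlist produces.
count_forward_allows() {
    forward_rules | grep -c -- '-A FORWARD .* --dport'
}

# Number of FORWARD ACCEPT rules in the SOCKS setup (none).
count_socks_forward_allows() {
    socks_only_rules | grep -c -- '-A FORWARD' || true
}

case "$1" in
    apply)
        case "$2" in
            forward) { input_rules; forward_rules; } | sh ;;
            socks)   { input_rules; socks_only_rules; } | sh ;;
            *) echo "usage: $0 [apply forward|apply socks]" >&2; exit 1 ;;
        esac
        ;;
    *)
        input_rules
        echo "# --- forward-with-allowlist variant ---"
        forward_rules
        echo "# --- socks-only variant ---"
        socks_only_rules
        ;;
esac
```

Run it without arguments to see both variants side by side; the FORWARD allowlist already needs six rules for four TCP and two UDP services, which is the maintenance cost Rob describes, whereas the SOCKS variant needs a single INPUT rule and moves the policy decisions into the proxy.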
