Re: Network Security hole (was -> Re: arp bug )

Stevie O (stevie@qrpff.net)
Sat, 02 Mar 2002 20:05:32 -0500


At 04:49 PM 3/2/2002 -0800, erich@uruk.org wrote:

>Whoops, I am apparently using "ipchains" and not "iptables", and
>didn't note the distinction.
>
>Sorry about the spurious bug report here. :/

Yeah, I use 2.2.19 on my server (2.4.x is the most unstable 'stable series' I've ever seen..). ipchains is like this:

Incoming                                            Outgoing
interface                                           interface
----+                                               +------->
    |                                               ^
    v    +------------> forward -----------+        |
  input  |                                 |----> output
         +----------> Application ---------+

I actually like it that way, it makes it easier to block things from the dsl ether (eth0):

ipchains -A input -i eth0 -d ! 66.92.237.176 -j DENY -l

With iptables I'd need that on both the INPUT *and* FORWARD rules...

--
Stevie-O

Real programmers use COPY CON PROGRAM.EXE
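
Added example, not part of the original post: a small Python model of the chain traversal described above, showing why one ipchains input rule covers packets that iptables splits between INPUT and FORWARD. It assumes a default ACCEPT policy, models only the iptables filter table, and uses a hypothetical internal address 192.168.0.1 on the host and a hypothetical LAN host 192.168.0.50.

```python
from collections import namedtuple

# Constructed sample data: the public address from the post, an assumed
# internal address on a second interface, and sample packets further down.
PUBLIC = "66.92.237.176"
LOCAL_ADDRS = {PUBLIC, "192.168.0.1"}
Packet = namedtuple("Packet", "in_iface dst")

def chains(model, pkt):
    """Filter chains an incoming packet traverses, in order."""
    local = pkt.dst in LOCAL_ADDRS
    if model == "ipchains":   # 2.2: input sees every incoming packet
        return ["input"] if local else ["input", "forward", "output"]
    if model == "iptables":   # 2.4 filter table: INPUT and FORWARD are disjoint
        return ["INPUT"] if local else ["FORWARD"]
    raise ValueError(model)

def matches(pkt):
    """The post's match: -i eth0 -d ! 66.92.237.176"""
    return pkt.in_iface == "eth0" and pkt.dst != PUBLIC

def verdict(model, rule_chains, pkt):
    """DENY if the rule sits on a chain the packet traverses, else ACCEPT."""
    hit = any(c in rule_chains for c in chains(model, pkt)) and matches(pkt)
    return "DENY" if hit else "ACCEPT"

SAMPLES = {
    "to public address": Packet("eth0", PUBLIC),
    "to internal local address": Packet("eth0", "192.168.0.1"),
    "routed to LAN host": Packet("eth0", "192.168.0.50"),
    "arriving on eth1": Packet("eth1", "192.168.0.1"),
}
SETUPS = {
    "ipchains input": ("ipchains", {"input"}),
    "iptables INPUT": ("iptables", {"INPUT"}),
    "iptables INPUT+FORWARD": ("iptables", {"INPUT", "FORWARD"}),
}

def compare():
    """Verdict per (setup, sample); policy is assumed ACCEPT everywhere."""
    return {(s, n): verdict(m, rc, p)
            for s, (m, rc) in SETUPS.items() for n, p in SAMPLES.items()}

if __name__ == "__main__":
    for (setup, sample), v in compare().items():
        print(f"{setup:24} {sample:28} {v}")
```

With the rule on INPUT only, the routed packet is the one that gets through in the iptables model.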
