Differences between version 17 and predecessor to the previous major change of FirewallNotes.
Other diffs: Previous Revision, Previous Author, or view the Annotated Edit History
Newer page: | version 17 | Last edited on Tuesday, February 17, 2004 2:45:21 pm | by MichaelBordignon | Revert |
Older page: | version 16 | Last edited on Monday, August 11, 2003 1:13:52 pm | by CraigBox | Revert |
@@ -55,8 +55,9 @@
* Having a default DENY or REJECT policy is a good idea
* But don't start with that rule if you're working remotely
* DENY might sound nice, but it means people can spoof packets from your computer, and your computer won't abort the connection. a rate limited (using -m limit) REJECT is much much safer.
* You probably want to rate limit log messages too otherwise a good portscan can flood syslogd(8) for ages.
+* If you are having problems using -m owner with iptables 1.2.6a and kernel 2.4.x try [IptablesNotes]
!Pinholing
If you have a firewall running iptables, chances are you'll want to forward a port at some point (to run a P2P app, a game server etc). Experiment with this command line: