Diff: PerrysFirewallingScript

Differences between version 11 and predecessor to the previous major change of PerrysFirewallingScript.


Newer page: version 11 Last edited on Tuesday, May 13, 2003 10:31:08 pm by CraigBox
Older page: version 10 Last edited on Friday, May 2, 2003 3:05:36 pm by CraigBox
@@ -81,9 +81,9 @@
 ;tcp-trust: Allows all TCP except to some well known ports that it shouldn't have access to (eg: linuxconf, nfs and portmap etc). Useful for an interface that is connecting to another department that you trust and want traffic to flow to and from, but they don't need any of your sensitive services, so if they get compromised hopefully the attacker won't get the opertunity to compromise you too. 
 ;udp-strict: Disallows incoming UDP that isn't part of an already established "connection" (ie: a reply from a packet that was originated here) 
 ;udp-trust: Disallows incoming UDP to potentially dangerous ports (NFS, Portmap, tftp etc) 
  
-Most of these rules are configurable and rather obvious if you edit them. 
+Most of these rules are configurable and rather obvious if you edit them. __These rules must all be set +x or the script will fail.__  
  
 !!Misc commands 
 There are also some misc commands that can be used from both interfaces.d/ and ruleset.d/
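
Review bot: The sentence added on the `+` line, "These rules must all be set +x or the script will fail", does not say which files "these rules" refers to or how a reader should set the bit. Name the location (the rule files under ruleset.d/, if that is what is meant) and give the command, for example `chmod +x` on each rule file. Since this is a firewall script, it would also help to say what "fail" means in practice: whether the script stops with an error, and what state the packet filter is left in when a rule file is not executable, so an administrator knows what to check after editing a rule.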