NOUSER
James Kosin
jkosin at beta.intcomgrp.com
Fri Sep 14 19:02:05 UTC 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Rick Stevens wrote:
<<-- SNIP -->>
>> Hi
>> Sorry to hijack this tread. The above should it be before, or after
>> you allow the ssh port ?
>
> Before. You want packets NOT rejected by that bit to fall through to
> other rules for further processing.
>
> ----------------------------------------------------------------------
> - Rick Stevens, Principal Engineer rstevens at internap.com -
> - CDN Systems, Internap, Inc. http://www.internap.com -
> - -
> - Change is inevitable, except from a vending machine. -
> ----------------------------------------------------------------------
>
YES, and at the very bottom be sure to add the DENY or LOG and DROP
line. The default for the interface rule is sometimes easily missed
by the eyes and having a glaring, catch all rule at the bottom makes
it stand out when you have problems.
- -James
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFG6tqtkNLDmnu1kSkRAsZ0AJ0duCgv6CPzyubf3yWS3XFW8qD7sgCdFg5E
ajSfilwXZDFsq/JJo1bRjQA=
=lNn4
-----END PGP SIGNATURE-----
--
Scanned by ClamAV - http://www.clamav.net
More information about the fedora-list
mailing list