[plug] What was that? (firewall breached?)
bob
bob at fots.org.au
Fri May 16 10:04:22 WST 2003
On Fri, 16 May 2003 09:16 am, Craig Ringer wrote:
> >>I just had someone walk through my firewall and start an ftp session.
> >
> > Ok, I think I have it figured out now. Looks like iptables failed
> > silently (bit disappointing that)
>
> Did iptables fail silently, or was it your iptables /script/ that failed
> silently?
Yes, you're right. The script, it hung when I reloaded it and didn't get
beyond flushing the rules.
> I've never had iptables fail without a useful error message - ever. I've
> had it do exactly what I asked it to (not what I wanted) quite a bit.
>
> > So any good ideas on determining up-ness on iptables? or should I just
> > re init it once an hour?
>
> iptables -L INPUT -n | less
> iptables -L FORWARD -n | less
> iptables -L OUTPUT -n | less
:)
I could parse for specific IP I have in my rules I suppose. It would make it
less than generic though. Was hoping for something automated.
> as for re-initing it... if you're on something like a dialup link or DSL
> with a dynamic IP, you should be flushing and re-initing at every
> connect. Otherwise, there should be no need unless some other program on
> your system is stuffing up your rules.
I have a permanent IP but I'm feeling paranoid at the moment :).
Thanks for your help.
> Craig
--
Am I in GRADUATE SCHOOL yet?
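
An automated form of the "up-ness" check asked about in the message above, as an added example that is not part of the original post: it reads `iptables-save` output and reports when the filter table's default policies or INPUT rule count do not match what is expected, which is the state a script leaves behind when it stops after the flush. The expected policies, the minimum rule count, the `--live` switch and both sample rule sets are assumptions constructed for illustration.

```shell
# Added example. Expected values are assumptions; set them to match your own rule set.
EXPECT_INPUT_POLICY=DROP
EXPECT_FORWARD_POLICY=DROP
MIN_INPUT_RULES=2

# Reads iptables-save text on stdin, prints one line per problem; returns 0 if loaded, 1 if not.
check_ruleset() {
    awk -v ip="$EXPECT_INPUT_POLICY" -v fp="$EXPECT_FORWARD_POLICY" -v min="$MIN_INPUT_RULES" '
        /^[*]/            { table = substr($1, 2); next }  # table header: "*filter", "*nat", ...
        table != "filter" { next }
        /^:INPUT /        { inpol = $2 }                   # chain line: ":INPUT DROP [0:0]"
        /^:FORWARD /      { fwpol = $2 }
        /^-A INPUT /      { nin++ }
        END {
            bad = 0
            if (inpol != ip) { print "INPUT policy is " (inpol == "" ? "unknown" : inpol) ", expected " ip; bad = 1 }
            if (fwpol != fp) { print "FORWARD policy is " (fwpol == "" ? "unknown" : fwpol) ", expected " fp; bad = 1 }
            if (nin + 0 < min) { print "INPUT has " (nin + 0) " rules, expected at least " min; bad = 1 }
            exit bad
        }'
}

# Constructed sample: a loaded rule set.
sample_loaded() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [12:3456]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}
# Constructed sample: what is left when a script stops right after flushing.
sample_flushed() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# Live use as root, for example from cron: sh check_fw.sh --live
if [ "${1:-}" = "--live" ]; then
    iptables-save -t filter | check_ruleset || logger -p auth.crit "firewall rule set check failed"
fi
```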