[plug] What was that? (firewall breached?)
bob
bob at fots.org.au
Fri May 16 10:34:12 WST 2003
On Fri, 16 May 2003 10:21 am, Craig Ringer wrote:
> One handy thing you can do there is structure your scripts so that the
> default actions on INPUT, OUTPUT and FORWARD are left at DENY when the
> rules are flushed. That way, if something stuffs up you fall offline
> rather than opening up to the world. Of course, you wouldn't do this on
> a co-lo....
I thought I had it defaulting to deny... back to rtfm I guess :)
> Also, a bit of error checking in scripts is always a good idea. Too bad
> the shell doesn't have anything like Python's try blocks.
Yep.
> It's a good idea with static IP DSL as well, if you're using PPPoE, come
> to think of it. You /might/ (I'm not sure off the top of my head) lose
> any '-i ppp0' or '-o ppp0' rules if ppp goes down... anyway, paranoia is
> always advised. I still find myself thinking in terms of my old bridged
> DSL connection far too often.
Nothing so fancy... static ppp. You're right though, paranoia is your friend
:).
Oh look, cron's just emailed me again. The firewall reloaded (this is going
to get old rsn :).
> Craig
--
A wise person makes his own decisions, a weak one obeys public opinion.
-- Chinese proverb
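
The fail-closed structure discussed above, with explicit error checking standing in for a try block, as an added example that is not part of the original thread. It assumes iptables (where the drop target is DROP; DENY was the ipchains name), the ppp0 interface mentioned in the message, and a minimal rule set constructed for illustration; IPT, WAN_IF and the function names are chosen here.

```shell
#!/bin/sh
# Added example: fail-closed firewall reload. IPT, WAN_IF and the rule set
# are assumptions for illustration, not taken from anyone's real script.
IPT="${IPT:-iptables}"      # command used to talk to netfilter; override for a dry run
WAN_IF="${WAN_IF:-ppp0}"    # external interface (ppp0 as in the thread)

# Lock down: set default-drop policies first, then flush, so the chains are
# never empty while a permissive policy is in place.
fail_closed() {
    for chain in INPUT OUTPUT FORWARD; do
        $IPT -P "$chain" DROP || return 1
    done
    $IPT -F || return 1
    $IPT -X || return 1
}

# The rule set proper. Commands are chained with && so the first failure
# stops the load and the function returns non-zero.
apply_rules() {
    $IPT -A INPUT  -i lo -j ACCEPT &&
    $IPT -A OUTPUT -o lo -j ACCEPT &&
    $IPT -A INPUT  -m state --state ESTABLISHED,RELATED -j ACCEPT &&
    $IPT -A OUTPUT -o "$WAN_IF" -j ACCEPT
}

# Shell stand-in for try/except: attempt the load, and on any error return
# to the locked-down state instead of leaving a half-built rule set.
reload_firewall() {
    fail_closed || { echo "firewall: could not set DROP policies" >&2; return 2; }
    if ! apply_rules; then
        echo "firewall: rule load failed, staying fail-closed" >&2
        fail_closed
        return 1
    fi
    return 0
}

# Only touch the live firewall when asked to: sh firewall.sh apply
if [ "${1:-}" = "apply" ]; then
    reload_firewall
    exit $?
fi
```

A non-zero exit from a cron-driven reload is what should trigger the e-mail, so a failed load is reported while the box stays offline rather than open.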