[geeks] ipf fun
    Bill Bradford 
    mrbill at mrbill.net
       
    Tue Jun  4 14:56:57 CDT 2002
    
    
  
On Tue, Jun 04, 2002 at 03:51:25PM -0400, Tim H. wrote:
> UGH. As a general policy, if someone wants to get to my stuff, then I am going to know what they are getting to.  I am much more comfortable allowing specific incoming, and blocking all.  Of course my firewall is a Linux 2.2 machine with ipchains, so my config wouldn't be much good, but I allow all outgoing, block all incoming, and allow specific incoming, and where possible only allow specific IPs in; for instance, my firewall needs to talk to sundial.columbia.edu (timeserver), so I allow that traffic from only that machine.  Of course I am also IPMasqing on that box, so even if I allowed traffic it wouldn't work past the firewall, but I am paranoid.
I also know exactly what is running on the box - why block ports that nothing
is running on?
-- 
Bill Bradford     
mrbill at mrbill.net 
Austin, TX        
    
    