Re: [aclug-L] Yet More Ipchains Stuff
[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
Jeff wrote:
>
> I'm not sure if I mentioned this or not, but I recently saw someone
> using another neat thing with ipchains: you can set the default policy
> on a chain to DENY instead of ACCEPT:
> /sbin/ipchains -P input DENY [or REJECT]
>
> This makes sure that if you miss/mess up anything and it falls through
> the cracks, the default action is to drop it on the floor.
>
> Assuming you want to do that, of course. :)
>
> Oh, and in response to one question from the meeting, yes '-i'
> specifies the interface you want the rule to apply to. If you leave it
> off, it matches any interface. You can also use "-i ! ppp+" to say
> "anything EXCEPT any interfaces that _start_ with ppp" (to demonstrate
> the ! and + syntax).
>
> -jeff
> --
> Alien: That board with a nail in it may have defeated us. But the humans
> won't stop there. They'll make bigger boards and bigger nails, and
> soon, they will make a board with a nail so big, it will destroy them
> all! [aliens laugh evilly, for quite some time]
> -- `The Monkey's Paw' in ``Treehouse of Horror II''
Jeff I could not wait to get home and look at /sbin/ipchains but found
it is an exec. does the script tell it what to do. "Could you please
explain. Thanks
|
|
