[Gllug] ipchains/smtp acceptance from Demon

sean at uncertainty.org.uk sean at uncertainty.org.uk
Fri Aug 17 11:42:21 UTC 2001


On Thu, Aug 16, 2001 at 09:29:56PM +0100, Alex Hudson wrote:
> On Thu, Aug 16, 2001 at 07:05:33PM +0100, sean at uncertainty.org.uk wrote:
> > port on each end? and connections require packets going both ways (hence
> > !-y to block packets that signify the start of a connection ?)
> 
> A connection requires five things: source ip, destination ip, source port,
> destination port, and protocol. However, very often (i.e., usually) you
> don't know the source port (it's often random, but sometimes, such as in
> some nameserver configs, you know in advance what it will be). You may not
> know the source ip either. So most rules operate on what the connection is
> attempting to connect to.
> 
> -y means 'SYN, !FIN, !ACK', which are the flags used to start a tcp session.
> Hence, accepting -y means you accept connections. !-y means you don't accept
> them. Accepting -y and rejecting !-y is Silly Nonsense, as is -y -p udp.

OK - seems like I misread something and got stuck with wrong ideas about 
firewalling.

It seems to be pretty much working now.

I seem to have broken ping though...

thanks 

Sean


-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
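
The five-tuple matching and the `-y` test described in the quoted reply, as an added example that is not part of the original thread. It is a small Python model of first-match packet filtering, not ipchains itself; the addresses, the rule chain, and all class and function names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

FIN, SYN, ACK = 0x01, 0x02, 0x10   # TCP header flag bits
HOST = "192.0.2.10"                # constructed address of the filtered host

@dataclass
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str
    flags: int = 0                 # TCP flags byte, unused for other protocols

@dataclass
class Rule:                        # None means "not tested" (wildcard)
    target: str
    proto: Optional[str] = None
    src_ip: Optional[str] = None
    src_port: Optional[int] = None
    dst_ip: Optional[str] = None
    dst_port: Optional[int] = None
    syn: Optional[bool] = None     # True models -y, False models ! -y

    def __post_init__(self):
        # Modelling choice: refuse a SYN test on a non-TCP rule outright.
        if self.syn is not None and self.proto != "tcp":
            raise ValueError("-y only makes sense with -p tcp")

def is_syn_only(flags: int) -> bool:
    """The -y test: SYN set, ACK and FIN clear."""
    return flags & (SYN | ACK | FIN) == SYN

def matches(rule: Rule, pkt: Packet) -> bool:
    for field in ("proto", "src_ip", "src_port", "dst_ip", "dst_port"):
        want = getattr(rule, field)
        if want is not None and want != getattr(pkt, field):
            return False
    return rule.syn is None or is_syn_only(pkt.flags) == rule.syn

def verdict(chain, pkt: Packet, policy: str = "DENY") -> str:
    """First matching rule wins; otherwise the chain policy applies."""
    return next((r.target for r in chain if matches(r, pkt)), policy)

# Constructed input chain: accept SMTP from anywhere, accept non-SYN TCP
# (replies to connections this host opened), deny everything else.
INPUT = [
    Rule("ACCEPT", proto="tcp", dst_ip=HOST, dst_port=25),
    Rule("ACCEPT", proto="tcp", dst_ip=HOST, syn=False),
]
```

Like the flag test it models, the second rule looks only at each packet's flags, not at whether a matching connection actually exists.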



