TCLUG Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [TCLUG:16582] Firewalls revisited...



You can put specify additional "DENY" items for those you wish to log.

Tom Veldhouse
veldy@visi.com

----- Original Message -----
From: Nate Carlson <natecars@real-time.com>
To: <tclug-list@mn-linux.org>
Sent: Monday, April 24, 2000 11:04 AM
Subject: Re: [TCLUG:16582] Firewalls revisited...


> On Mon, 24 Apr 2000, Thomas T. Veldhouse wrote:
>
> > I use a default policy of DENY on my input chain without any problems.
I
> > split my bits off into 4 chains.  eth0-in eth0-out eth1-in eth1-out.  I
> > sometimes split those off into other chains when I am filtering various
> > stuff for a particular computer on my LAN.
> >
> > Tom Veldhouse
> > veldy@visi.com
>
> Only problem with setting default policy of DENY is you don't get logging
> when packets are denied...
>
> --
> Nate Carlson <natecars@real-time.com>   | Phone : (952)943-8700
> http://www.real-time.com                | Fax   : (952)943-8500
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tclug-list-unsubscribe@mn-linux.org
> For additional commands, e-mail: tclug-list-help@mn-linux.org
>