[TriLUG] Iptables confusion

Jeremy Portzer jeremyp at pobox.com
Fri May 2 15:05:19 EDT 2003


On Fri, 2003-05-02 at 14:18, lfwelty at nc.rr.com wrote:

> 
> If you know which ports you need open, you can be even more specific than
> the rule above and only explicitly allow known ports/services. It's almost
> always better to grant access to known allowed services, denying everything
> else, than to deny known bad svcs, allowing everything else.

But he's using NFS, and there's no way to predict what ports NFS will
use.  That's why the permissive rule is necessary.

--Jeremy

-- 
/=====================================================================\
| Jeremy Portzer       jeremyp at pobox.com       trilug.org/~jeremy     |
| GPG Fingerprint: 712D 77C7 AB2D 2130 989F  E135 6F9F F7BC CC1A 7B92 |
\=====================================================================/