Confused as Chris Griffin

Robert Brockway robert-5LEc/6Zm6xCUd8a0hrldnti2O/JbrIOy at public.gmane.org
Thu Nov 27 19:47:36 UTC 2003


On Thu, 27 Nov 2003, Teddy Mills wrote:

> Q1
> FORWARD chain "are for packets destined for other hosts"
> Well, why am I receiving packets that aren't meant for me?

The FORWARD chain is for packets being routed through the box.

> Why can I just DROP all packets received on the FORWARD chain?

If you aren't routing any data through you _should_ set the FORWARD chain
to DROP (as well as having ip_forward set to 0).

> Q2
> INPUT chain is for packets destined for our local machine.
> Do these packets originate from Internet and all my LAN hosts?

Yep, any packet with a destination address that your host understands to be
itself will pass through this chain.

> Q3
> OUTPUT chain is for packets generated locally, now leaving.
> Is this just for the Linux "lo" interface?

No, it's not just for lo, any locally generated packet leaving your host
will pass through this chain on the way out.

> What about the local LAN interface and all my LAN hosts?

Many people just set OUTPUT to ACCEPT unless there is some reason you
want to block outgoing packets.  Many large companies do this and more
often than not it just prevents people from making legitimate use of the
network.

Rob

-- 
Robert Brockway B.Sc. email: robert-5LEc/6Zm6xCUd8a0hrldnti2O/JbrIOy at public.gmane.org, zzbrock at uqconnect.net
Linux counter project ID #16440 (http://counter.li.org)
"The earth is but one country and mankind its citizens" -Baha'u'llah
--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
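
Added example (not part of the original message or the list's own material): a shell check for the two settings the reply names for a non-routing host, FORWARD policy DROP and ip_forward set to 0. The function name audit_forward and the sample rulesets are constructed for illustration; the input is assumed to be in `iptables -S` output format.

```shell
# Constructed samples in `iptables -S` format (not taken from the thread).
SAMPLE_GOOD='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT'
SAMPLE_BAD='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT'

# audit_forward IP_FORWARD_VALUE RULESET_TEXT   (hypothetical helper)
#   IP_FORWARD_VALUE: contents of /proc/sys/net/ipv4/ip_forward
#   RULESET_TEXT:     output of `iptables -S`
# Prints one finding per line; returns 0 if nothing is forwarded, 1 otherwise.
audit_forward() {
    ip_forward=$1
    ruleset=$2
    status=0

    if [ "$ip_forward" != "0" ]; then
        echo "FAIL: ip_forward=$ip_forward (kernel will route packets)"
        status=1
    fi

    # The chain policy appears as a line of the form: -P FORWARD DROP
    policy=$(printf '%s\n' "$ruleset" |
        awk '$1 == "-P" && $2 == "FORWARD" { print $3 }')
    if [ "$policy" != "DROP" ]; then
        echo "FAIL: FORWARD policy is ${policy:-unknown}, expected DROP"
        status=1
    fi

    # ACCEPT rules in FORWARD match before the policy is consulted.
    accepts=$(printf '%s\n' "$ruleset" | awk '
        $1 == "-A" && $2 == "FORWARD" {
            for (i = 3; i < NF; i++) if ($i == "-j" && $(i+1) == "ACCEPT") n++
        }
        END { print n + 0 }')
    if [ "$accepts" -gt 0 ]; then
        echo "FAIL: $accepts ACCEPT rule(s) in FORWARD"
        status=1
    fi

    [ "$status" -eq 0 ] && echo "OK: host is not forwarding"
    return "$status"
}
```

On a live host, run it as root with: audit_forward "$(cat /proc/sys/net/ipv4/ip_forward)" "$(iptables -S)"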