Re: [tlug] iptables and port-forwarding concerns

[Godwin Stewart <gstewart@example.com>]

On Thu, 22 Apr 2004 20:14:30 -0400, Josh Glover <tlug@example.com> wrote:

> Looks pretty decent!

I wanted to pay special attention to caging in the Windoze box. I really
don't want it spewing viruses and spam if the user gets hit with malware
of some sort (even though I *am* filtering inbound e-mail with ClamAV), so
that meant restricting where it can send e-mail and not letting it get
anywhere near common proxy ports on other boxen in order to prevent a 2-tier
injection. Other than that, it's pretty straightforward.

> Bloody karmic, that screwup was. No sooner than I had a chuckle at your
> expense, everyone got one at mine! That'll learn me! :)

That's TLUG for you: ruthless but all in good spirit! (unless you're being a
dork for real)

-- 
G. Stewart   --   gstewart@example.com -- gstewart@example.com
Registered Linux user #284683 (Slackware 9.0, Linux 2.6.5)
--------------------------------------------------------------
You can't block a port with software that runs on the same machine where the
attacks are aimed. That's like trying to stop bullets by shoving Kevlar up
your backside. By the time the bullet hits the Kevlar, the damage has been
done.
        -- Morely 'Spam is theft' Dotes in NANAE, 13-AUG-2003

Attachment: pgp00062.pgp
Description: PGP signature