[lug] Securing Fetchmail
D. Stimits
stimits at idcomm.com
Tue Aug 7 15:45:52 MDT 2001
rotering at animalcules.com wrote:
>
> On Tue, Aug 07, 2001 at 11:35:15AM -0600, David wrote:
>
> > So, I have an elementary firewall (courtesy RedHat) and I think that
> > I understand how ipchains work. But I know that there are gotchas,
> > so how secure is it?
>
> > :input ACCEPT
> > :forward ACCEPT
> > :output ACCEPT
>
> Surely you want DENY (or REJECT) in place of ACCEPT here. Or am I
> missing something glaringly obvious to everyone else?
>
I think for defaults ACCEPT is correct, provided you have after that
blank deny of all, though I'd probably choose a default policy of DENY
on forwarding. Then you make a blanket rule to deny all. Any ACCEPT that
is placed between defaults and deny of all are accepted if they match.
D. Stimits, stimits at idcomm.com
More information about the LUG
mailing list