From: "\"Баталов Григорий\"" <bga@kgok.murmansk.su> To: mandrake-russian@altlinux.ru Subject: Re: [mdk-re] help understand please (Firewall) Date: Mon Jan 21 12:09:01 2002 Message-ID: <20020121121123.3f5b578d.bga@kgok.murmansk.su> (raw) In-Reply-To: <20020121115312.6a3dd627.vyt@vzljot.ru> On Mon, 21 Jan 2002 11:53:12 +0300 Vyt <vyt@vzljot.ru> wrote: > > Вопрос как раз о простом способе сделать это фаерволлом (если таковой > > действительно прост и универсален). _Можно ли таким образом закрыть > > всем, кроме локальных пользователей, доступ к каким бы то ни было > > сервисам, запущенным на данной машине?_ > > Нельзя. Firewall на пакетном уровне смотрит на адреса и порты, а > не анализирует пользователей на локальных или нет. Наверное, localhost имелся в виду. Тогда можно. > Помимо просто > закрывания портов можно еще запретить пакеты с флагом SYN (точно > не помню, в IPCHAINS-HOWTO описан), то есть запретить > инициализировать соединения на сервер, используется, например, на > прокси на внешнем интерфейсе. -- Баталов Григорий. --------------------------------------------------------------------------- I am the "ILOVEGNU" signature virus. Just copy me to your signature. This email was infected under the terms of the GNU General Public License.
next prev parent reply other threads:[~2002-01-21 12:09 UTC|newest] Thread overview: 53+ messages / expand[flat|nested] mbox.gz Atom feed top 2002-01-18 15:26 [mdk-re] help understand pleas Andriy Dobrovol's'kii 2002-01-18 15:34 ` Vyt 2002-01-18 15:52 ` Andriy Dobrovol's'kii 2002-01-18 17:35 ` Igor Homyakov 2002-01-18 17:49 ` Re[2]: " Dmitry 2002-01-18 21:13 ` Olga 2002-01-18 21:41 ` AVL 2002-01-18 22:11 ` cornet 2002-01-19 15:50 ` Olga 2002-01-19 20:52 ` AVL 2002-01-20 9:46 ` Gosha 2002-01-20 13:57 ` AVL 2002-01-20 16:41 ` Gosha 2002-01-20 16:47 ` AVL 2002-01-21 21:39 ` Gosha 2002-01-21 22:02 ` AVL 2002-01-21 22:29 ` Gosha 2002-01-21 11:41 ` [mdk-re] help understand please (Firewall) Olga 2002-01-21 11:50 ` Vyt 2002-01-21 12:09 ` "Баталов Григорий" [this message] 2002-01-21 12:39 ` Olga 2002-01-21 14:09 ` cornet 2002-01-21 14:18 ` Vyt 2002-01-21 14:36 ` cornet 2002-01-21 12:38 ` Olga 2002-01-21 12:53 ` Vyt 2002-01-21 12:13 ` [mdk-re] " Mikhail Zabaluev 2002-01-21 12:16 ` [mdk-re] " Shur 2002-01-21 17:01 ` AVL 2002-01-21 19:52 ` Maksim Otstavnov 2002-01-21 21:57 ` Michael Shigorin 2002-01-19 3:16 ` Re[2]: [mdk-re] help understand pleas Maksim Otstavnov 2002-01-20 12:40 ` [mdk-re] " Mikhail Zabaluev 2002-01-20 14:02 ` cornet 2002-01-20 18:52 ` Mikhail Zabaluev 2002-01-20 22:10 ` Sergey S. Skulachenko 2002-01-20 22:33 ` cornet 2002-01-20 23:04 ` Sergey S. Skulachenko 2002-01-20 23:44 ` cornet 2002-01-21 1:12 ` [mdk-re] Re: Postfix-Open-Relay-HOWTO ;) Mikhail Zabaluev 2002-01-21 1:43 ` cornet 2002-01-21 2:13 ` Mikhail Zabaluev 2002-01-21 4:04 ` cornet 2002-01-21 10:51 ` Mikhail Zabaluev 2002-01-21 16:09 ` cornet 2002-01-21 11:13 ` [mdk-re] " Maxim 2002-01-21 10:37 ` Maxim 2002-01-21 7:58 ` [mdk-re] Re: help understand pleas Sergey S. Skulachenko 2002-01-21 8:16 ` S. Budnevitch 2002-01-21 8:32 ` Sergey S. Skulachenko 2002-01-21 9:37 ` S. Budnevitch 2002-01-24 13:10 ` [mdk-re] " Antonio 2002-01-18 18:58 ` Roman S
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20020121121123.3f5b578d.bga@kgok.murmansk.su \ --to=bga@kgok.murmansk.su \ --cc=mandrake-russian@altlinux.ru \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
ALT Linux Community general discussions This inbox may be cloned and mirrored by anyone: git clone --mirror http://lore.altlinux.org/community/0 community/git/0.git # If you have public-inbox 1.1+ installed, you may # initialize and index your mirror using the following commands: public-inbox-init -V2 community community/ http://lore.altlinux.org/community \ mandrake-russian@linuxteam.iplabs.ru community@lists.altlinux.org community@lists.altlinux.ru community@lists.altlinux.com public-inbox-index community Example config snippet for mirrors. Newsgroup available over NNTP: nntp://lore.altlinux.org/org.altlinux.lists.community AGPL code for this site: git clone https://public-inbox.org/public-inbox.git