[luau] RH 9 server hacked -- what went wrong?
Mark Pettit
mark at pettit.org
Tue Aug 26 12:03:00 PDT 2003
>Good advice but do you know of any of the cheaper home units (SMC,
>Netgear, Siemens, Dlink, Linksys etc..) that can actually be configured
>with default DENY?
Yes. The Linksys routers are default deny. You must specifically say
what ports are allowed in.
>Everyone I have seen is default allow and you block from there. You can
>block various things like IRC and SMTP but you have to do it manually. I
>have a few floppy linux routers that I mess with that are default DENY
>but they each have disadvantages too.
>A cheap self contained router/firewall that had the
>ability to default deny, block by IP and range, block by DNS name, and
>block by time period would be great. While I'm dreaming, I'd also like
>the ability of limiting the services forwarding function to specific ip's
>instead of the firewall blindly forwarding selected ports over to another
>machine, like now I forward ssh port 22 to my Linux machine but have to
>maintain specific rules on that machine of where I can connect from, same
>with port 80 to a second machine.
There is no consumer-level product that will do that. However, Linux
iptables can do most, if not all, of what you are asking for. And
they can be set up for relatively cheap; $100 or less if you buy a
used computer on ebay.
--
Mark K. Pettit
mark at pettit.org
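
The kind of iptables setup described above, as an added example that is not part of the original message: default DROP on INPUT and FORWARD, port 22 forwarded only from listed source addresses, port 80 forwarded to a second machine, and a time-of-day block. The interface names, addresses and time window are constructed placeholders; the script only prints iptables-restore input and does not change the running firewall.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset; it does not apply it.
# Interface names, addresses and the time window are constructed placeholders.
WAN_IF="eth0"                               # Internet-facing interface (assumed)
LAN_IF="eth1"                               # internal interface (assumed)
SSH_HOST="192.168.1.10"                     # Linux machine receiving port 22
WEB_HOST="192.168.1.20"                     # second machine receiving port 80
SSH_ALLOWED="203.0.113.5 198.51.100.0/24"   # only these sources may reach SSH

build_ruleset() {
    printf '%s\n' "*nat" ":PREROUTING ACCEPT [0:0]" \
        ":POSTROUTING ACCEPT [0:0]" ":OUTPUT ACCEPT [0:0]"
    # Forward port 22 only for listed sources; other sources are never DNATed.
    for src in $SSH_ALLOWED; do
        printf '%s\n' "-A PREROUTING -i $WAN_IF -s $src -p tcp --dport 22 -j DNAT --to-destination $SSH_HOST:22"
    done
    # The time match below uses UTC unless --kerneltz is added to the rule.
    cat <<EOF
-A PREROUTING -i $WAN_IF -p tcp --dport 80 -j DNAT --to-destination $WEB_HOST:80
-A POSTROUTING -o $WAN_IF -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN_IF -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -m time --timestart 01:00 --timestop 05:00 -j DROP
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT
EOF
    # FORWARD policy is DROP, so only the listed sources reach the SSH host.
    for src in $SSH_ALLOWED; do
        printf '%s\n' "-A FORWARD -i $WAN_IF -s $src -d $SSH_HOST -p tcp --dport 22 -j ACCEPT"
    done
    printf '%s\n' "-A FORWARD -i $WAN_IF -d $WEB_HOST -p tcp --dport 80 -j ACCEPT"
    printf '%s\n' "COMMIT"
}

build_ruleset
```

Review the output, then load it as root with `sh ruleset.sh | iptables-restore` (`ruleset.sh` is a hypothetical file name). iptables accepts a DNS name in -s/-d but resolves it once when the rule is loaded, so blocking by name does not follow later DNS changes.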