ipchains rule question: Destination ip
David A. Bandel
david
Mon May 17 11:34:37 PDT 2004
On Tue, 9 Jul 2002 02:32:29 -0400
begin Joel Hammer <Joel at hammershome.com> spewed forth:
> It has been so long since I set up my firewall I have forgotten why I
> did this, so :
>
> Here are two typical rules from my firewall (ipchains). Note that with
> one, the target ip is 0.0.0.0, and with the other the target is
> 68.36.44.105, which is the ip of the machine running the firewall. eth1
> is the external NIC facing the cable modem.
>
> target prot tosa tosx ifname source         destination  ports
>
> ACCEPT udp  0xFF 0x00 eth1   198.82.161.227 0.0.0.0      * -> 123
> ACCEPT udp  0xFF 0x00 eth1   198.82.162.213 68.36.44.105 * -> 123
>
> I have used 68.36.44.105 in a number of destinations in my ipchain
> rules instead of 0.0.0.0, as noted above. As far as I can see, these
> rules are equivalent, since my NIC, which is configured as 68.36.44.105,
> will not look at packets not addressed to it, at least under ordinary
> circumstances.
The above is "your system to Internet on ntp port (123)", the next rule is
"Internet to your system on ntp port".
But I really suggest you start looking at iptables instead of this
dinosaur.
>
> I would like to remove targets such as 68.36.44.105 and substitute
> 0.0.0.0 for all of them. Can someone suggest why this might not be a
> good idea? For example, I am wondering what would happen if my NIC were
> to run in PROMISCUOUS mode ?
You're mixing apples and oranges. A NIC in promisc mode may see all the
packets on a network, but that does not mean it does anything useful with
them. As for the targets, you can reduce CPU load by switching to
iptables.
[Sorry, I see no sense entertaining ipchains questions when you should be
using iptables for better security and easier rules management]
>
> Any insight appreciated,
>
[snip]
Ciao,
David A. Bandel
--
Focus on the dream, not the competition.
-- Nemesis Racing Team motto
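As an added example (not from the thread or from either poster), the two quoted rules parsed from their `ipchains -L -n` layout and matched against constructed packets, to show where "destination 0.0.0.0" and "destination 68.36.44.105" actually differ. It assumes, as the poster does, that a bare 0.0.0.0 destination means "any address"; the packet values other than those in the rules are constructed.

```python
"""Parse the two ipchains rules quoted above and test packets against them."""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network

# The two rules exactly as quoted in the thread, in ipchains -L -n column
# order: target prot tosa tosx ifname source destination ports.
RULES_TEXT = """\
ACCEPT udp 0xFF 0x00 eth1 198.82.161.227 0.0.0.0 * -> 123
ACCEPT udp 0xFF 0x00 eth1 198.82.162.213 68.36.44.105 * -> 123
"""


@dataclass
class Rule:
    target: str
    proto: str
    ifname: str
    src: IPv4Network
    dst: IPv4Network
    dport: str  # destination port as printed: "123" or "*"


def _addr(field: str) -> IPv4Network:
    # Assumption from the thread: a bare 0.0.0.0 means "any address",
    # while a plain host address means exactly that one host (/32).
    return ip_network("0.0.0.0/0") if field == "0.0.0.0" else ip_network(field + "/32")


def parse_rules(text: str) -> list:
    rules = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 10:          # skip headers / blank lines
            continue
        rules.append(Rule(f[0], f[1], f[4], _addr(f[5]), _addr(f[6]), f[9]))
    return rules


def matches(rule: Rule, proto: str, ifname: str, src: str, dst: str, dport: int) -> bool:
    return (rule.proto == proto and rule.ifname == ifname
            and ip_address(src) in rule.src and ip_address(dst) in rule.dst
            and (rule.dport == "*" or int(rule.dport) == dport))


def matching_rules(rules: list, **pkt) -> list:
    """Indices of the rules a packet matches; an empty list means no rule fires."""
    return [i for i, r in enumerate(rules) if matches(r, **pkt)]
```

Only a packet whose destination is not the firewall's own address (68.36.44.105) separates the two forms; for traffic addressed to the host itself the rules behave identically.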