ipchains rule question: Destination ip
David A. Bandel
david
Mon May 17 11:34:38 PDT 2004
On Tue, 9 Jul 2002 11:08:23 -0400
begin Matthew Carpenter <matt at eisgr.com> spewed forth:
[snip]
> >
> > The above is "your system to Internet on ntp port (123)", the next
> > rule is "Internet to your system on ntp port".
>
> Not quite. The first one is your system to Anywhere for NTP. The second
> rule is another machine to the outside of the firewall on NTP and has no
> business being there unless your firewall is going to provide NTP to
> this other machine.
Umm. You said the same thing I did, so how can it be "not quite"? I just
didn't judge the sagacity of allowing the world to use him as an NTP
server (maybe he _wants_ to). I have a system that I and my customers
(perhaps 150 or so systems) use as an NTP server (and it's slaved off
time.nist.gov). He didn't say if that was also his case.
Ciao,
David A. Bandel
--
Focus on the dream, not the competition.
-- Nemesis Racing Team motto
More information about the Linux-users
mailing list