Ipchains: output from ipchain --list
Paul Melson
melson@scnc.holt.k12.mi.us
Sat, 23 Dec 2000 23:28:38 -0500
On Sat, Dec 23, 2000 at 11:12:16PM +0000, Don Chorman wrote:
> Here is the output when I ran the ipchain --list. I did not set up
> ipchain rules yet.
>
> [root@c1129978-a /root]# ipchains --list
> Chain input (policy ACCEPT):
> Chain forward (policy ACCEPT):
> Chain output (policy ACCEPT):
>
>
> hope this looks normal.
It's normal if you haven't done anything with it
yet and are just checking for masquerading support
within the running kernel. However, if you're
using that machine to act as a firewall/gateway
for any other machines, may I suggest that you
run this command until you are ready to begin
configuring ipchains:
`ipchains -P forward DENY`
Otherwise it's trivial for anyone who can guess
your internal IP addressing scheme (10.0.0.0/8?)
to scan and otherwise abuse your internal network.
PaulM
--
_____________________
melson@holt.k12.mi.us