Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Reckhard, Tobias (tobias.reckhardsecunet.com)
Date: Mon May 06 2002 - 23:40:15 CDT
> Someone who explains to me why I cant just append rule 3,4,5,6 at the
> end of the INPUT rules (APPEND) instead I have to INSERT them?
> Is it because of rule 23 which cannot be overwritten?
> Would make sense to me. Then I better insert right bevore line
> 23, right?
Is this a serious question?
> 23 DROP all -- 0.0.0.0/0 0.0.0.0/0
> 24 REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
> dpt:113 reject-with tcp-reset
Of course you *can* append rules 3-6 at the end of the INPUT chain, but they
won't have any effect because of rule 23, which matches each and every IP
packet and drops it on the floor. Rule 23 is in no way read-only, where did
you get that idea? BTW, rule 24 is superfluous as well, it will never be
hit, you might as well remove it.
-- To unsubscribe, e-mail: suse-security-unsubscribesuse.com For additional commands, e-mail: suse-security-helpsuse.com Security-related bug reports go to securitysuse.de, not here