[Bastille-linux-discuss] bastille-netfilter helpful comments
This tool locks down Linux and UNIX systems.
From: <ida...@fr...> - 2002-07-29 15:19:14
In bastille-netfilter it mentions how to set up SNAT instead of MASQUERADING. (The code doesn't actually work due to several bugs I posted previously; but, thank you anyway.) A small example of DNAT would also have been helpful here, including adding the SNAT line that enables DNAT to work even for your internal hosts (way way cool!).

http://www.netfilter.org/unreliable-guides/NAT-HOWTO/NAT-HOWTO.linuxdoc-10.html

When InteractiveBastille runs, it always installs a fresh version of /sbin/bastille-netfilter, wiping out whatever was there. Can it also add a comment to the top of this file saying "DO NOT EDIT THIS FILE - InteractiveBastille will wipe it out"? Indeed, all the files that are generated by InteractiveBastille would benefit from a warning line similar to the above. (I lost some edits because I expected InteractiveBastille to edit the existing files in place, not replace them fresh every time...)

-- 
-IAN! Ian! D. Allen Ottawa, Ontario, Canada id...@nc...
Home Page on the Ottawa FreeNet: http://www.ncf.ca/~aa610/
College professor at: http://www.algonquincollege.com/~alleni/
Board Member, TeleCommunities CANADA http://www.tc.ca/
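The kind of DNAT example the message asks for, sketched as an added example that is not part of the original post and not Bastille's own code: a DNAT rule for an internal server plus the SNAT rule that makes it reachable from internal hosts through the public address. The function name and all addresses are constructed for illustration, and the rules are only printed, not applied.

```shell
#!/bin/sh
# Added example (not from bastille-netfilter). Addresses are constructed
# documentation/private ranges; hairpin_nat_rules is a hypothetical helper.

# Usage: hairpin_nat_rules PUBLIC_IP LAN_NET FW_LAN_IP SERVER_IP PORT
# Prints iptables commands on stdout; returns 1 on an invalid port.
hairpin_nat_rules() {
    public_ip=$1 lan_net=$2 fw_lan_ip=$3 server_ip=$4 port=$5

    # Reject anything that is not a decimal TCP port in 1..65535.
    case "$port" in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2
        return 1
    fi

    # DNAT: connections to the public address are redirected to the
    # internal server. This alone works for hosts outside the LAN.
    echo "iptables -t nat -A PREROUTING -d $public_ip -p tcp --dport $port -j DNAT --to-destination $server_ip"

    # SNAT for LAN clients only: without it the server answers the client
    # directly, the reply bypasses the firewall and is never un-NATed, so
    # the client drops it. Rewriting the source to the firewall's internal
    # address forces replies back through the firewall.
    # Caveat: the server then logs the firewall's address, not the real
    # internal client, for these connections.
    echo "iptables -t nat -A POSTROUTING -s $lan_net -d $server_ip -p tcp --dport $port -j SNAT --to-source $fw_lan_ip"
}

# Dry run with constructed values. The filter table must separately
# permit the forwarded traffic to the server.
hairpin_nat_rules 192.0.2.10 192.168.1.0/24 192.168.1.254 192.168.1.1 80
```

Review the printed rules before applying them as root, and keep them outside /sbin/bastille-netfilter, since the message notes that InteractiveBastille replaces that file on each run.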