Hi,

Can I use Shorewall with configured stealth match? It is described as follows:

Enabling this option will drop all syn packets coming to unserved tcp ports as well as all packets coming to unserved udp ports. If you are using your system to route any type of packets (i.e. via NAT) you should put this module at the end of your ruleset, since it will drop packets that aren't going to ports that are listening on your machine itself, it doesn't take into account that the packet might be destined for someone on your internal network if you're using NAT for instance.

Regards,
Claus

Claus Rosenberger wrote:
| Hi,
|
| Can I use Shorewall with configured stealth match? It is described as follows:
|

I don't know why you would want to -- Shorewall does the same thing.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key