Changeset bbdb0ff4 for postlfs/security/firewalling.xml
- Timestamp:
- 05/30/2005 08:49:04 PM (19 years ago)
- Branches:
- 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 6.1, 6.2, 6.2.0, 6.2.0-rc1, 6.2.0-rc2, 6.3, 6.3-rc1, 6.3-rc2, 6.3-rc3, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children:
- b2782389
- Parents:
- 4ff86b9
- File:
-
- 1 edited
postlfs/security/firewalling.xml
r4ff86b9 rbbdb0ff4 71 71 <title><xref linkend="fw-masqRouter"/></title> 72 72 73 <para>This is a system placed between the Internet and an intranet. 73 <para>This is a system placed between the Internet and an intranet. 74 74 To minimize the risk of compromising the firewall itself, it should 75 generally have only one role—that of protecting the intranet. 76 Although not completely risk free, the tasks of doing the routing and 75 generally have only one role—that of protecting the intranet. 76 Although not completely risk free, the tasks of doing the routing and 77 77 IP masquerading (rewriting IP headers of the packets it routes from 78 78 clients with private IP addresses onto the Internet so that they seem … … 159 159 160 160 <note> 161 <para>You should always run your firewall rules from a script. 161 <para>You should always run your firewall rules from a script. 162 162 This ensures consistency and a record of what was done. It also 163 163 allows retention of comments that are essential for understanding … … 419 419 420 420 <para>If you want to add services such as internal samba or 421 name servers that do not need to access the Internet themselves, 421 name servers that do not need to access the Internet themselves, 422 422 the additional statements are quite simple and should still be 423 423 acceptable from a security standpoint. Just add the following lines … … 506 506 <para>There are other addresses that you may also want to 507 507 drop: 0.0.0.0/8, 127.0.0.0/8, 224.0.0.0/3 (multicast and 508 experimental), 169.254.0.0/16 (Link Local Networks), and 508 experimental), 169.254.0.0/16 (Link Local Networks), and 509 509 192.0.2.0/24 (IANA defined test network).</para> 510 510 </listitem>
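Review bot: in the hunk at lines 73-76, and likewise at lines 161, 421 and 508, the removed and added lines read the same word for word, so the only difference is whitespace that this view does not show. If the commit log does not already say so, state it there (for example "whitespace cleanup, no text changes") so that anyone auditing the history of the firewall instructions can tell this revision changes no guidance without comparing the lines by hand.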
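Review bot: in the last hunk (lines 506-510) the parenthetical for 224.0.0.0/3 says "multicast and experimental", but a /3 starting at 224.0.0.0 runs through 255.255.255.255 and so also contains the limited broadcast address. Since line 508 is being touched anyway, consider extending the parenthetical to mention broadcast, so a reader who turns this list into drop rules knows broadcast traffic falls inside that range.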