The following lines were added (+) and removed (-):
:/tmp/install.log:300hex 10irq cc000 8013 <nowiki>[root@bigdog /root]# cat /etc/sysconfig/network</nowiki> <nowiki>NETWORKING=yes</nowiki> <nowiki>FORWARD_IPV4=no</nowiki> <nowiki>HOSTNAME=bigdog.robotz.com</nowiki> <nowiki>GATEWAYDEV=eth0</nowiki> <nowiki>GATEWAY=192.168.12.254</nowiki> <nowiki> if [ "${GATEWAY}" != "" ]; then</nowiki> <nowiki> if [ "${GATEWAYDEV}" = "" -o "${GATEWAYDEV}" = "${DEVICE}" ]; then</nowiki> <nowiki> # set up default gateway</nowiki> <nowiki> route add default gw ${GATEWAY} ${DEVICE}</nowiki> <nowiki> DEFGW=${GATEWAY}</nowiki> <nowiki> fi</nowiki> <nowiki> fi </nowiki> <nowiki> _______________________________________</nowiki> <nowiki> | |</nowiki> <nowiki> | this is really old and inacurate: |</nowiki> <nowiki> | 1114mb 222x5 |</nowiki> <nowiki> | |</nowiki> <nowiki> | /usr 300 |</nowiki> <nowiki> | /home 264 |</nowiki> <nowiki> | /usr/local 300 |</nowiki> <nowiki> | /usr/src 200 |</nowiki> <nowiki> | /tmp 50 |</nowiki> <nowiki> | / 80 |</nowiki> <nowiki> | SWAP 32 |</nowiki> <nowiki> | -------------------- |</nowiki> <nowiki> |_______________________________________|</nowiki>I am trapped in telnet: press CNTRL-] to get telnet> promptThere are three: (port 113), time (port 37), and daytime (port 13).NTP runs on port 123 using udp*ipchains -A input -p udp -j ACCEPT -s 10.0.0.0/8 -d 0.0.0.0/0 123*ipchains -A input -p udp -j ACCEPT -s some.trusted.host -d 0.0.0.0/0 123*ipchains -A input -p udp -j DENY -s 0.0.0.0/0 -d 0.0.0.0/0 123More on ipchainsFirst estable default policiesYou may deny all or accept all depending on how paranoid you are. 
:input ACCEPT :forward DENY :output ACCEPT ipchains -A input -s 0/0 -d 0/0 -i lo -j ACCEPTThis annoying tosser doesn't even get to see our web site*** ipchains -A input -p tcp -s x.x.x.x -d 0/0 80 -y -j REJECTBelow we block access to port 110 pop3 and ssh so we let a few friends in*** ipchains -A input -p tcp -s x.x.x.x -d 0/0 22 -y -j ACCEPT ipchains -A input -p tcp -s x.x.x.x -d 0/0 110 -y -j ACCEPTSince we were not paranoid we should block ports not being used. ipchains -A input -p tcp -s 0/0 -d 0/0 0:19 -y -j REJECT ipchains -A input -p tcp -s 0/0 -d 0/0 23:24 -y -j REJECT ipchains -A input -p tcp -s 0/0 -d 0/0 26:79 -y -j REJECT ipchains -A input -p tcp -s 0/0 -d 0/0 81:1023 -y -j REJECTYou may wish to block udp on all standard ports below 1024 ipchains -A input -p udp -s 0/0 -d 0/0 0:1023 -j REJECTDo not reply to ICMP TIMESTAMP packets ipchains -A output -j REJECT -i eth0 -p icmp -s x.x.x.x/yy -d 0/0 --icmp-type timestamp-request -l ipchains -A output -j REJECT -i eth0 -p icmp -s x.x.x.x/yy -d 0/0 --icmp-type timestamp-reply -l
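Review bot: The unused-port REJECT ranges in the second block skip TCP 20-22, so ssh is never actually blocked. The ranges run "0:19" and then "23:24", and the input policy is ACCEPT, so a SYN to port 22 from any source falls through to the default and is accepted. That makes the per-friend "-d 0/0 22 -y -j ACCEPT" rule a no-op, while the text says ssh is closed to everyone but a few friends. Port 110 does behave as described because it falls inside "81:1023". Suggest widening the second range to "20:24" (or adding an explicit REJECT for 22) and keeping it after the friend ACCEPT lines, since ipchains acts on the first matching rule. The same ordering applies to the NTP lines: the udp 123 ACCEPT rules have to stay ahead of the "0:1023 -j REJECT" udp rule. Also, the first entry in "There are three: (port 113)" has lost its service name and should be restored from the page source.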