Subject: Re: bind (was: Is my ipfilter list secure?)
To: None <netbsd-users@netbsd.org>
From: Roger Fischer <roger@aileron.org>
List: netbsd-users
Date: 04/26/2002 12:16:32

On Fri, 26 Apr 2002, Jeremy C. Reed wrote:

> > 	BIND server (for internal net)
>
> Only have named listen to internal interface.

If I do that, will named still have access to the outside for lookups?
Is this done in named or is it an ipf rule that only allows connections to
port 53 from the internal if (or both)?

> > (A year ago when I put up my linux box on the net I thought the
> > ipchains script I wrote was secure, but somebody broke into it about
> > 5 days after I put it up.  I used a script to configure it the second

> A packet filter is only one layer of security. Hopefully, you fixed the
> real problem.

I assume so.  The second time I used "PM Firewall" to configure ipchains,
and I haven't had a break-in for the last year. (I don't think ;^)

One of the reasons I'm moving to NetBSD is hopefully for a more secure
environment as well as a more straightforward configuration.  Red
Hat has so many scripts configuring things it's hard to tell what
controls what.

Thanks for the help,
  - Rog