08-29-2001
Most of the time if you are doing NAT, its because your internal machines have addresses in the reserved ranges (ie 192.168.0.1, etc) -- in which case knowing this information does a hacker no good.
If your internal machines have real IP addresses, then this <I>might</I> be a reason to obscure the header information...personally I wouldn't go to the trouble. Would you start obscuring telnet/ftp/http session information too?
9 More Discussions You Might Find Interesting
1. Linux
say i have these many file in a directory named exam.
1)/exam/newfolder/link.txt.
2)/exam/newfolder1/
and i create a tar say exam.tar
well the problem is,
when i read the tar file i dont find any metadata about the directories,as you cannot create a tar containig empty directories.
on the... (2 Replies)
Discussion started by: Tanvirk
2 Replies
2. Shell Programming and Scripting
Dear all-
I have a requirement to send an email via email with body content which looks something below-
Email body contents
--------------------
RequestType: Update
DateAcctOpened: 1/5/2010
Note that header information and data content should be normal text..
Please advice on... (5 Replies)
Discussion started by: sureshg_sampat
5 Replies
3. Shell Programming and Scripting
Dear All-
My requirement is as below-
Header file
$ cat HEADER.txt
RequestId:
RequestDate:
Data file
$ cat DATAVAL.txt
1001|2009-03-01
I need to send the combined data below as email body via mailx command
------------------
RequestId:1001
RequestDate:2009-03-01
I would like... (4 Replies)
Discussion started by: sureshg_sampat
4 Replies
4. UNIX for Dummies Questions & Answers
How can i tweak sendmail configuration files so that the "Received:" field is removed from email header information?
Or else can i change Received: (from enswitch@localhost) in email header to something likeReceived: (from xyz@localhost)?
---------- Post updated at 09:57 PM ---------- Previous... (2 Replies)
Discussion started by: proactiveaditya
2 Replies
5. UNIX for Dummies Questions & Answers
Friends,
I need help with the following in UNIX.
Merge all csv files in one folder considering only 1 header row and ignoring header of all other files.
FYI - All files are in same format and contains same headers.
Thank you (4 Replies)
Discussion started by: Shiny_Roy
4 Replies
6. Shell Programming and Scripting
Hello There...
I have a sample input file ..
number:department:amount
125:Market:125.23
126:Hardware store:434.95
127:Video store:7.45
128:Book store:14.32
129:Gasolline:16.10
I will be doing some manipulations on all the records except the header, but the header should always be... (2 Replies)
Discussion started by: juzz4fun
2 Replies
7. Programming
Hi,
I need to somehow pipe the password to a command and run some SQL, for example, something like echo $password | sqlplus -s system @query01.sql
To make it not so obvious, I decided to try out writing a small C program that basically just do echo $password. So now I just do x9.out | sqlplus... (8 Replies)
Discussion started by: newbie_01
8 Replies
8. Shell Programming and Scripting
i have added the header also to the script you provided, it is working fine, but I am expecting to get the header over those rows for which the URL or port changes. URL will remain same for few rows and then it change, and once the URL change the header should come,
like in below input you can see... (11 Replies)
Discussion started by: mirwasim
11 Replies
9. Shell Programming and Scripting
I've been struggling with this one for quite a while and cannot seem to find a solution for this find/replace scenario. Perhaps I'm getting rusty.
I have a file that contains a number of metrics (exactly 3 fields per line) from a few appliances that are collected in parallel. To identify the... (3 Replies)
Discussion started by: verdepollo
3 Replies
LEARN ABOUT DEBIAN
shorewall-exclusion
SHOREWALL-EXCLUSION(5) [FIXME: manual] SHOREWALL-EXCLUSION(5)
NAME
exclusion - Exclude a set of hosts from a definition in a shorewall configuration file.
SYNOPSIS
!address-or-range[,address-or-range]...
!zone-name[,zone-name]...
DESCRIPTION
The first form of exclusion is used when you wish to exclude one or more addresses from a definition. An exclaimation point is followed by
a comma-separated list of addresses. The addresses may be single host addresses (e.g., 192.168.1.4) or they may be network addresses in
CIDR format (e.g., 192.168.1.0/24). If your kernel and iptables include iprange support, you may also specify ranges of ip addresses of the
form lowaddress-highaddress
No embedded whitespace is allowed.
Exclusion can appear after a list of addresses and/or address ranges. In that case, the final list of address is formed by taking the first
list and then removing the addresses defined in the exclusion.
Beginning in Shorewall 4.4.13, the second form of exclusion is allowed after all and any in the SOURCE and DEST columns of
/etc/shorewall/rules. It allows you to omit arbitrary zones from the list generated by those key words.
Warning
If you omit a sub-zone and there is an explicit or explicit CONTINUE policy, a connection to/from that zone can still be matched by the
rule generated for a parent zone.
For example:
/etc/shorewall/zones:
#ZONE TYPE
z1 ip
z2:z1 ip
...
/etc/shorewall/policy:
#SOURCE DEST POLICY
z1 net CONTINUE
z2 net REJECT
/etc/shorewall/rules:
#ACTION SOURCE DEST PROTO DEST
# PORT(S)
ACCEPT all!z2 net tcp 22
In this case, SSH connections from z2 to net will be accepted by the generated z1 to net ACCEPT rule.
In most contexts, ipset names can be used as an address-or-range. Beginning with Shorewall 4.4.14, ipset lists enclosed in +[...] may also
be included (see shorewall-ipsets[1] (5)). The semantics of these lists when used in an exclusion are as follows:
o !+[set1,set2,...setN] produces a packet match if the packet does not match at least one of the sets. In other words, it is like NOT
match set1 OR NOT match set2 ... OR NOT match setN.
o +[!set1,!set2,...!setN] produces a packet match if the packet does not match any of the sets. In other words, it is like NOT match set1
AND NOT match set2 ... AND NOT match setN.
EXAMPLES
Example 1 - All IPv4 addresses except 192.168.3.4
!192.168.3.4
Example 2 - All IPv4 addresses except the network 192.168.1.0/24 and the host 10.2.3.4
!192.168.1.0/24,10.1.3.4
Example 3 - All IPv4 addresses except the range 192.168.1.3-192.168.1.12 and the network 10.0.0.0/8
!192.168.1.3-192.168.1.12,10.0.0.0/8
Example 4 - The network 192.168.1.0/24 except hosts 192.168.1.3 and 192.168.1.9
192.168.1.0/24!192.168.1.3,192.168.1.9
Example 5 - All parent zones except loc
any!loc
FILES
/etc/shorewall/hosts
/etc/shorewall/masq
/etc/shorewall/rules
/etc/shorewall/tcrules
SEE ALSO
shorewall(8), shorewall-accounting(5), shorewall-actions(5), shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5),
shorewall-ipsets(5), shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5), shorewall-netmap(5), shorewall-params(5),
shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5), shorewall-rtrules(5), shorewall-routestopped(5), shorewall-rules(5),
shorewall.conf(5), shorewall-secmarks(5), shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5), shorewall-tos(5),
shorewall-tunnels(5), shorewall-zones(5)
NOTES
1. shorewall-ipsets
http://www.shorewall.net/manpages/shorewall-ipsets.html
[FIXME: source] 06/28/2012 SHOREWALL-EXCLUSION(5)