Re: Default DENY with ipchains
On Thu, Oct 19, 2000 at 11:07:16PM +0200, Srebrenko Sehic wrote:
:) Hello
:)
:) Is it possible to prevent ordinary users from opening unprivileged ports
:) (>1024 tcp/udp)? If yes, how?
:)
:) I've tried virtually every possible way to do this, but with no luck.
:)
:) I have a single NIC on my Linux box.
:)
:) Can somebody shed some light on this issue?
:)
:) Thanks
:) -- haver
hi
reading replies to this question, here's another way.
I suggest something like
/sbin/ipchains ... -p tcp -y -d your.box 1024: -j DENY
this actually doesn't stop opening of high ports but stops (really?) from
getting connections to these ports. (stop SYN packet)
big trouble is UDP : actually cannot stop all traffic to ports above 1023
but I do hope that UDP's from below 1023 to above 1023 are OK. right ?
<brainstorming> what about a daemon that catches open ports from `netstat -anp -A inet`,
killing all not permitted. </brainstorming>
bye. (helps a little?)
t!kotek
--
<tiko> kotek@tuke.sk work=UVT_TU_Kosice home=undef </tiko>
M$ Antivirus
Warning : This will install Linux on your system [Y/n]
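
The watcher brainstormed in the message above, as an added example that is not part of the original post: it parses `netstat -anp -A inet` output and reports (rather than kills) listeners on ports 1024 and above whose program is not on an allow-list. The sample output, the allow-list and the function names are constructed for illustration.

```python
HIGH_PORT_START = 1024  # first unprivileged port

# Constructed sample of `netstat -anp -A inet` output (not from a real host).
# The last row has "-" as owner, as netstat prints when it cannot resolve the PID.
SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      412/sshd
tcp        0      0 0.0.0.0:6667            0.0.0.0:*               LISTEN      2231/ircd
tcp        0      0 192.168.1.5:22          192.168.1.9:40122       ESTABLISHED 2100/sshd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      640/mysqld
udp        0      0 0.0.0.0:53              0.0.0.0:*                           388/named
udp        0      0 0.0.0.0:31337           0.0.0.0:*                           -
"""

def parse_sockets(text):
    """Return (proto, port, foreign, state, pid, program) for each tcp/udp row."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 5 or f[0] not in ("tcp", "udp"):
            continue  # banner, column header, or unrelated line
        rest = f[5:]
        # UDP rows usually have an empty State column; states are upper-case words.
        has_state = bool(rest) and rest[0].isupper() and "/" not in rest[0]
        state = rest.pop(0) if has_state else ""
        pid, _, program = " ".join(rest).partition("/")
        rows.append((f[0], int(f[3].rsplit(":", 1)[1]), f[4], state,
                     int(pid) if pid.isdigit() else None, program or None))
    return rows

def unapproved_high_listeners(text, allowed_programs):
    """List listening sockets on ports >= 1024 whose program is not allowed."""
    hits = []
    for proto, port, foreign, state, pid, program in parse_sockets(text):
        # TCP listeners are in LISTEN; an unconnected UDP socket shows a ":*" peer.
        listening = state == "LISTEN" if proto == "tcp" else foreign.endswith(":*")
        if listening and port >= HIGH_PORT_START and program not in allowed_programs:
            hits.append((proto, port, pid, program))
    return hits

if __name__ == "__main__":
    for hit in unapproved_high_listeners(SAMPLE, {"mysqld"}):
        print("unapproved listener: %s port %d pid %s program %s" % hit)
```

A socket whose owner cannot be resolved is reported with pid and program set to None, so it is never silently treated as permitted.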