I have an interesting little problem here.
I want to as a default REJECT all packets from my firewall's external
interface, and then allow in only certain packets. I have already written
rules to allow in the services I am running on the firewall (like http,
http-secure, smtp, imap, pop3, etc.), however it seems that I need to add in
a never-ending list of ports to allow the windows machines behind the
firewall full access to their response packets. My biggest concern with
that is that with some of them (ICQ for one) the ports are more often than
not dynamic... My real question here is, how would I go about allowing the
windows machine(s) behind the firewall to receive full responses from the
internet without returning the firewall back to it's previous default state
of ACCEPT. There are so many ports under 1024 that I want to block off from
external use, and I do not personally feel like blocking all 1010 (or
whatever) ports manually.