Re: firewalling (ipchains) question
On Sat, Aug 14, 1999 at 12:56:20AM +0200, Peter Palfrader aka Weasel wrote:
> ipchains -A output -j ACCEPT -i lo -s 0.0.0.0/0 -d 0.0.0.0/0
> ipchains -A input -j ACCEPT -i lo -s 0.0.0.0/0 -d 0.0.0.0/0
You can restrict this to 127/8 and all local addresses. In addition to that
you should DENY all incoming packages originating from one of your local
> ipchains -A output -j ACCEPT -p tcp -s marvin 1024:65535 -d laus 1024:65535 ! -y
The above rule allows packages belonging to established connections on all
ports, makes no sense.
> ipchains -A output -j ACCEPT -p tcp -s marvin 1024:65535 -d laus smtp
> ipchains -A input -j ACCEPT -p tcp -s laus 1024:65535 -d marvin 1024:65535 ! -y
The above rule makes no sense.
> ipchains -A input -j ACCEPT -p tcp -s laus smtp -d marvin 1024:65535 ! -y
That's fine, should work.
> is this correct, did I miss something?
> anything which might need improvement?
> and why does this not work with ssh? (if I substitute smtp with ssh)
ssh is using a privileged source port as long as you don't give "-P" as an
option to ssh.
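
An added illustration, not part of the original message: a small Python model of the quoted rules, showing why they admit an SMTP connection but not an ssh connection made from a privileged source port. It assumes that a packet no rule accepts is denied (the chain policy is not shown in the thread) and that a privileged port is one below 1024; the source port numbers are constructed.

```python
# Added example: minimal model of the ipchains rules quoted in the thread.
# Assumption: a packet that no rule accepts is denied (policy not shown there).
from dataclasses import dataclass

HIGH = (1024, 65535)                 # unprivileged port range used in the rules
SERVICES = {"smtp": 25, "ssh": 22}

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool  # True = SYN set, ACK and FIN clear (what ipchains -y matches)

@dataclass(frozen=True)
class Rule:
    src: str
    sports: tuple
    dst: str
    dports: tuple
    not_syn: bool = False  # models "! -y"

    def matches(self, p):
        return (p.src == self.src and p.dst == self.dst
                and self.sports[0] <= p.sport <= self.sports[1]
                and self.dports[0] <= p.dport <= self.dports[1]
                and not (self.not_syn and p.syn))

def chains(service):
    """Output and input ACCEPT rules from the thread, for one service name."""
    svc = (SERVICES[service],) * 2
    out = [Rule("marvin", HIGH, "laus", HIGH, not_syn=True),
           Rule("marvin", HIGH, "laus", svc)]
    inp = [Rule("laus", HIGH, "marvin", HIGH, not_syn=True),
           Rule("laus", svc, "marvin", HIGH, not_syn=True)]
    return out, inp

def connect_allowed(service, sport):
    """Can marvin open a TCP connection to laus:<service> from source port sport?"""
    out, inp = chains(service)
    dport = SERVICES[service]
    syn = Packet("marvin", sport, "laus", dport, syn=True)
    reply = Packet("laus", dport, "marvin", sport, syn=False)  # SYN+ACK passes "! -y"
    return any(r.matches(syn) for r in out) and any(r.matches(reply) for r in inp)

if __name__ == "__main__":
    for svc, sport in [("smtp", 34567), ("ssh", 1022), ("ssh", 34567)]:  # constructed ports
        print(svc, sport, connect_allowed(svc, sport))
```

The third case corresponds to running ssh with "-P", which makes it use an unprivileged source port that falls inside the 1024:65535 range the rules accept.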