Re: Ipchains Questions
On Tue, 6 Jun 2000, Jay Kelly wrote:
> Hello Im running Potato for a firewall with ipchains. I would like to
> increase my security and currently have all ports stealth except 25 smtp, 79
> Finger, 80 http. If I make these ports stealth will this affect the ability
> to use the web and mail? I also tried to make netbois stealth but if still
> shows as closed. I used :
> /sbin/ipchains -A input -s 0.0.0.0/0 -d $MY_IP 139 -p tcp -j REJECT
>
Stealth ? What do you mean with that anyway, because REJECT sends
something back, DENY with not. If you just mean you want to firewall it,
it's correct ofcourse, then it only depends on personal preferance.
(small explanation: DENY will let trying connections timeout, REJECT will
let them fail immediately.)
if I'm not mistaken, you need to add udp as well, also 139 is only one of
the three ports of netbios (just look in /etc/services):
netbios-ns 137/tcp # NETBIOS Name Service
netbios-ns 137/udp
netbios-dgm 138/tcp # NETBIOS Datagram Service
netbios-dgm 138/udp
netbios-ssn 139/tcp # NETBIOS session service
netbios-ssn 139/udp
(disclaimer: this taken from the OpenBSD services file not Debian services
file, so it may be a bit different. ;)
> Why is this now working??
> Thanks
>
Hope this helps.
>
> --
> To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
-------------------------------------
New things are always on the horizon.
Reply to: