
Re: Ipchains Questions

On Tue, 6 Jun 2000, Jay Kelly wrote:

> Hello, I'm running Potato for a firewall with ipchains. I would like to
> increase my security and currently have all ports stealth except 25 smtp, 79
> Finger, 80 http. If I make these ports stealth will this affect the ability
> to use the web and mail? I also tried to make NetBIOS stealth but it still
> shows as closed. I used:
> /sbin/ipchains -A input -s -d $MY_IP 139 -p tcp -j REJECT

Stealth? What do you mean by that anyway, because REJECT sends
something back, DENY will not. If you just mean you want to firewall it,
it's correct of course, then it only depends on personal preference.

(Small explanation: DENY will let connection attempts time out, REJECT will
let them fail immediately.)

If I'm not mistaken, you need to add udp as well; also, 139 is only one of
the three ports of netbios (just look in /etc/services):
netbios-ns	137/tcp		# NETBIOS Name Service
netbios-ns	137/udp
netbios-dgm	138/tcp		# NETBIOS Datagram Service
netbios-dgm	138/udp
netbios-ssn	139/tcp		# NETBIOS session service
netbios-ssn	139/udp

(Disclaimer: this is taken from the OpenBSD services file, not the Debian
services file, so it may be a bit different. ;)

> Why is this now working??
> Thanks

Hope this helps.


New things are always on the horizon.
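
As an added example (not part of the original message, and not an ipchains tool): a small Python check that parses a restricted subset of ipchains append commands and reports which of the NetBIOS port/protocol pairs listed above are not caught by a DENY or REJECT rule. The address 192.0.2.1, the `-s 0/0` source and all function names are assumptions for illustration; address matching and service-name ports are not modeled.

```python
import shlex

# The six port/protocol pairs from the services excerpt in the reply.
NETBIOS = {(proto, port) for proto in ("tcp", "udp") for port in (137, 138, 139)}

def parse_rule(line):
    """Parse -A, -p, -s/-d ADDR [PORT[:PORT]] and -j from one ipchains command."""
    tok = shlex.split(line)
    rule = {"chain": None, "proto": None, "dports": None, "target": None}
    i = 1  # tok[0] is the ipchains binary
    while i < len(tok):
        opt = tok[i]
        if opt in ("-A", "-p", "-j") and i + 1 < len(tok):
            key = {"-A": "chain", "-p": "proto", "-j": "target"}[opt]
            rule[key] = tok[i + 1].lower() if opt == "-p" else tok[i + 1]
            i += 2
        elif opt in ("-s", "-d"):
            i += 2  # skip the option and its address
            if i < len(tok) and not tok[i].startswith("-"):
                if opt == "-d":  # numeric port or lo:hi range only
                    lo, sep, hi = tok[i].partition(":")
                    lo_n = int(lo or 0)
                    hi_n = int(hi) if hi else (65535 if sep else lo_n)
                    rule["dports"] = range(lo_n, hi_n + 1)
                i += 1
        else:
            i += 1
    return rule

def netbios_verdicts(rules, chain="input"):
    """First matching rule wins, as in chain traversal; returns {(proto, port): target}."""
    verdict = {}
    for r in map(parse_rule, rules):
        if r["chain"] != chain or r["target"] is None:
            continue
        for proto, port in NETBIOS:
            if r["proto"] not in (None, "all", proto):
                continue
            if r["dports"] is not None and port not in r["dports"]:
                continue
            verdict.setdefault((proto, port), r["target"])
    return verdict

def gaps(rules):
    """NetBIOS pairs whose first matching rule is not DENY or REJECT (or has no match)."""
    v = netbios_verdicts(rules)
    return sorted(k for k in NETBIOS if v.get(k) not in ("DENY", "REJECT"))

# Constructed sample rules: one in the shape of the posted rule, one full set.
POSTED = ["/sbin/ipchains -A input -p tcp -s 0/0 -d 192.0.2.1 139 -j REJECT"]
FULL = ["/sbin/ipchains -A input -p %s -s 0/0 -d 192.0.2.1 137:139 -j DENY" % p
        for p in ("tcp", "udp")]
```

Running `gaps(POSTED)` lists the five pairs the single 139/tcp rule leaves open, while `gaps(FULL)` is empty.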