[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Default DENY with ipchains

On Thu, Oct 19, 2000 at 11:07:16PM +0200, Srebrenko Sehic wrote:
:) Hello
:) Is is possible to prevent ordinary users from opening unprivliged ports
:) (>1024 tcp/udp)? If yes, how?
:) I've tried virtually every possible way to do this, but with no luck.
:) I have a single NIC on my Linux box.
:) Can somebody shed som light on this issue?
:) Thanks
:) -- haver


reading replies to this question, here's another way.

I suggest something like 
/sbin/ipchains ... -p tcp -y -d your.box 1024: -j DENY
this actually don't stop opening of high ports but stops (really?) from
getting connections to these ports. (stop SYN packet)

big trouble is UDP : actualy cannot stop all traffic to ports above 1023
but I do hope that UDP's from bellow 1023 to above 1023 are OK. right ?

<brainstorming> what about daemon, catches open ports from `netstat -anp -A inet`
killing all not permitted. </brainstorming>

bye.	(helps a little?)


<tiko> kotek@tuke.sk work=UVT_TU_Kosice home=undef </tiko>
M$ Antivirus  
Warning : This will install Linux on your system [Y/n]

Reply to: