Re: Default DENY with ipchains
On Thu, Oct 19, 2000 at 11:07:16PM +0200, Srebrenko Sehic wrote:
:) Is it possible to prevent ordinary users from opening unprivileged ports
:) (>1024 tcp/udp)? If yes, how?
:) I've tried virtually every possible way to do this, but with no luck.
:) I have a single NIC on my Linux box.
:) Can somebody shed some light on this issue?
:) -- haver
reading replies to this question, here's another way.
I suggest something like
/sbin/ipchains ... -p tcp -y -d your.box 1024: -j DENY
this actually doesn't stop opening of high ports but stops (really?) from
getting connections to these ports. (stop SYN packet)
big trouble is UDP: actually cannot stop all traffic to ports above 1023
but I do hope that UDPs from below 1023 to above 1023 are OK. right?
<brainstorming> what about a daemon that catches open ports from `netstat -anp -A inet`,
killing all not permitted? </brainstorming>
bye. (helps a little?)
<tiko> email@example.com work=UVT_TU_Kosice home=undef </tiko>
Warning : This will install Linux on your system [Y/n]
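
The daemon idea brainstormed in the message above, as an added example that is not part of the original post: it parses `netstat -anp -A inet` output and reports listeners on ports 1024 and up that are not on an allowlist, leaving what to do with the owning process to the operator. The sample output, the `ALLOWED` policy and all function names are constructed for illustration.

```python
import re
from typing import NamedTuple, Optional

HIGH_PORT_MIN = 1024  # same lower bound as the "1024:" range in the ipchains rule

# Constructed sample of `netstat -anp -A inet` output (not captured from a real host).
SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      412/sshd
tcp        0      0 0.0.0.0:6667            0.0.0.0:*               LISTEN      2210/bnc
tcp        0      0 192.0.2.10:22           198.51.100.7:51512      ESTABLISHED 2050/sshd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      530/mysqld
udp        0      0 0.0.0.0:31337           0.0.0.0:*                           2301/nc
udp        0      0 0.0.0.0:2049            0.0.0.0:*                           -
"""

class Listener(NamedTuple):
    proto: str
    port: int
    pid: Optional[int]   # None when netstat prints "-" (kernel socket or no permission)
    program: str

def parse_listeners(text):
    """Yield sockets that accept traffic: TCP in LISTEN, UDP with a wildcard peer."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or f[0] not in ("tcp", "udp"):
            continue                      # headers, blank lines, other families
        proto, local, foreign = f[0], f[3], f[4]
        if proto == "tcp" and f[5] != "LISTEN":
            continue                      # established or closing connections
        if proto == "udp" and not foreign.endswith(":*"):
            continue                      # connected UDP socket, not a service
        # UDP rows have an empty State column, so the owner starts one field earlier.
        owner = " ".join(f[6:] if proto == "tcp" else f[5:]) or "-"
        m = re.match(r"(\d+)/(.*)", owner)
        yield Listener(proto, int(local.rsplit(":", 1)[1]),
                       int(m.group(1)) if m else None,
                       m.group(2) if m else "-")

def unpermitted(text, allowed):
    """Return listeners on ports >= HIGH_PORT_MIN whose (proto, port) is not allowed."""
    return [l for l in parse_listeners(text)
            if l.port >= HIGH_PORT_MIN and (l.proto, l.port) not in allowed]

if __name__ == "__main__":
    ALLOWED = {("tcp", 3306), ("udp", 2049)}   # hypothetical site policy
    for l in unpermitted(SAMPLE, ALLOWED):
        print(f"{l.proto}/{l.port} owned by pid={l.pid} ({l.program})")
```

Unlike the SYN-matching ipchains rule, this check also sees UDP sockets, since it reads socket state instead of filtering packets.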