Re: high ports filtered?

To: Igor Mozetic <igor.mozetic@uni-mb.si>
Cc: Nate Campi <nate@campin.net>, debian-firewall@lists.debian.org
Subject: Re: high ports filtered?
From: Nate Campi <nate@campin.net>
Date: Thu, 8 Nov 2001 08:37:47 -0800
Message-id: <[🔎] 20011108083747.I19454@campin.net>
In-reply-to: <[🔎] 15338.44713.526293.62040@ravan.camtp.uni-mb.si>; from igor.mozetic@uni-mb.si on Thu, Nov 08, 2001 at 05:11:21PM +0100
References: <[🔎] 15338.39555.877375.796824@ravan.camtp.uni-mb.si> <[🔎] 20011108070214.H19454@campin.net> <[🔎] 15338.44713.526293.62040@ravan.camtp.uni-mb.si>

On Thu, Nov 08, 2001 at 05:11:21PM +0100, Igor Mozetic wrote:
> Nate Campi writes:
>  > 
>  > One option is to use stateful filtering so that connections that
>  > originate from those source ports are allowed. If your firewall is
>  > debian you can do this by using a 2.4 kernel and iptables.
> 
> No, this isn't an option, since the firewall is on the router
> and is not so sofisticated.
> So, what do people do in general, if they apply the policy
> that by default all ports are closed (as is often recommended)?

You can do the stateful filtering on the host instead. Allow established
connections, but block anything else to those ports. This should work
fine.
-- 
Nate Campi        http://www.campin.net        GnuPG key: 0xC17AEF79   
Key fingerprint = BF12 722F 8799 E614 33CC  FAB7 5A90 C464 C17A EF79

A mathematician is an engine for converting coffee into theorems.

Reply to:

References:
- high ports filtered?
  - From: Igor Mozetic <igor.mozetic@uni-mb.si>
- Re: high ports filtered?
  - From: Nate Campi <nate@campin.net>
- Re: high ports filtered?
  - From: Igor Mozetic <igor.mozetic@uni-mb.si>

Prev by Date: Re: high ports filtered?
Next by Date: Re: high ports filtered?
Previous by thread: Re: high ports filtered?
Next by thread: Re: high ports filtered?
Index(es):
- Date
- Thread