
Re: Need help blocking all ports except a few

On Thu, Dec 25, 2003 at 02:54:41PM +0100, Sommarnatt wrote:
> I'm new to iptables/chains and need help setting up my new Debian system.
> The system is going to be a gameserver and I've never set that up before.

ipchains can run on 2.2 series kernels.  iptables requires 2.4
(or 2.3, but you might as well use 2.4).  Installing a 2.4 
kernel-image is fairly easy on Debian, and since most modern 
firewall programs use iptables scripts I'd recommend making 
the switch to 2.4 (e.g. Debian package kernel-image-2.4.18-1-686
or similar, depending what platform you run).

You can run ipchains, but I'm not sure what you have to do.

> The only services that really need to be open are ssh2 and the game server.
> The game server needs these ports opened:
> 5120-5300 (UDP only)
> 6667, 80,27900,28900,29900.29901,13139 and 6500
> Any takers? Or some pointers? Tried Firehol, but it complains that it needs a 
> kernel higher than 2.3

The other thing you could do is just make sure there aren't programs
running on any ports but these.  There was a recentish post about
doing that, and avoiding having a firewall altogether.  It amounts
to not having much else running, and it sounds like you won't need
much else anyway.

Patrick Lesslie

On Wed, Dec 10, 2003 Bernd Eckenfels wrote:
> On Wed, Dec 10, 2003 at 01:40:28PM +1100, Daniel Pittman wrote:
> > Extremely. Without a Firewall, connecting to the Internet is an
> > invitation to pain, these days. :/
> This is not true, if your system runs with a minimum of secure
> configuration. You do not need to run a firewall, if you do not have
> open ports.
> Using "netstat -tulp" as root will print all the processes you have to
> terminate, or decide you want to use (if you want to use them a firewall
> will have to permit those ports, anyway)
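
The listener audit suggested in this thread, as an added example that is not part of any of the posts: it compares `netstat` listeners against the port list from the original question. Assumptions: `-n` is added to the `netstat -tulp` call so ports print as numbers, ssh is on 22/tcp, the ports given without a protocol are allowed on both TCP and UDP, "29900.29901" is read as two ports, and the sample output and program names are constructed.

```shell
#!/bin/sh
# Added example: audit listening sockets against the thread's port list.
# Assumptions (not from the posts): ssh on 22/tcp; the unlabelled ports are
# allowed on both TCP and UDP; "29900.29901" is read as 29900 and 29901.

ALLOW_ANY="6667 80 27900 28900 29900 29901 13139 6500"

# Reads `netstat -tulpn` output on stdin; prints "proto port program" for
# every non-loopback listener that is not on the allow list.
unexpected_listeners() {
    awk -v any="$ALLOW_ANY" '
    BEGIN { n = split(any, p, " "); for (i = 1; i <= n; i++) ok[p[i]] = 1 }
    $1 ~ /^(tcp|udp)6?$/ {
        proto = substr($1, 1, 3)
        if (proto == "tcp" && $6 != "LISTEN") next
        addr = $4; sub(/:[^:]*$/, "", addr)      # address without ":port"
        port = $4; sub(/^.*:/, "", port)         # text after the last ":"
        port += 0                                # force numeric comparison
        if (addr ~ /^127\./ || addr == "::1") next   # not reachable remotely
        if (port in ok) next
        if (proto == "tcp" && port == 22) next
        if (proto == "udp" && port >= 5120 && port <= 5300) next
        print proto, port, $NF
    }'
}

# Constructed sample output (not captured from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      412/sshd
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      201/portmap
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      350/exim
tcp        0      0 0.0.0.0:5120            0.0.0.0:*               LISTEN      733/gamesrv
udp        0      0 0.0.0.0:5120            0.0.0.0:*                           733/gamesrv
udp        0      0 0.0.0.0:27900           0.0.0.0:*                           733/gamesrv
udp        0      0 0.0.0.0:68              0.0.0.0:*                           190/dhclient
EOF
}

# On a live host, run as root: netstat -tulpn | unexpected_listeners
sample_netstat | unexpected_listeners
```

Each line it prints is a service to stop or to deliberately add to the allow list; the TCP listener on 5120 is flagged because the question lists that range as UDP only.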
