Re: Need help blocking all ports except a few
On Thu, Dec 25, 2003 at 02:54:41PM +0100, Sommarnatt wrote:
> I'm new to iptables/chains and need help setting up my new Debian system.
> The system is going to be a gameserver and I've never set that up before.
ipchains can run on 2.2 series kernels. iptables requires 2.4
(or 2.3, but you might as well use 2.4). Installing a 2.4
kernel-image is fairly easy on debian, and since most modern
firewall programs use iptables scripts I'd recommend making
the switch to 2.4 (e.g. debian package kernel-image-2.4.18-1-686
or similar, depending what platform you run).
You can run ipchains, but I'm not sure what you have to do.
> The only services that really need to be open are ssh2 and the game server.
> The game server needs these ports opened:
> 5120-5300 (UDP only)
> 6667, 80,27900,28900,29900.29901,13139 and 6500
> Any takers? Or some pointers? Tried Firehol, but it complains that it needs a
> kernel higher than 2.3
The other thing you could do is just make sure there aren't programs
running on any ports but these. There was a recentish post about
doing that, and avoiding having a firewall altogether. It amounts
to not having much else running, and it sounds like you won't need
much else anyway.
On Wed, Dec 10, 2003 Bernd Eckenfels wrote:
> On Wed, Dec 10, 2003 at 01:40:28PM +1100, Daniel Pittman wrote:
> > Extremely. Without a Firewall, connecting to the Internet is an
> > invitation to pain, these days. :/
> this is not true, if your system runs with a minimum of secure
> configuration. You do not need to run a firewall, if you do not have
> open ports.
> Using "netstat -tulp" as root will print all the processes you have to
> terminate, or decide you want to use (if you want to use them a firewall
> will have to permit those ports, anyway)