
Re: newbie firewall recommendation



On Wed, Jun 04, 2003 at 09:48:13AM -0700, Richard Cochinos wrote:
> I followed the same guideline for OUTPUT, so my tables look something
> like:

> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:ssh
> ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:smtp
> ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:www
> ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:https

On output it is "source port", not destination port. You can also add !syn on
output. A slightly easier config is to allow all non-syn regardless of the
source port.

Make sure to add anti-spoofing filters.

Greetings
Bernd
-- 
  (OO)      -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
 ( .. )  ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes@irc  +497257930613  BE5-RIPE
(O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
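
The advice in the reply above, written out as a ruleset generator. This is an added example, not part of the original message; it assumes a server whose external interface is `eth0` on the public Internet and which offers the four services from the quoted table, and the names `emit_rules`, `EXT_IF` and `SERVICE_PORTS` are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original post. Assumed: the external interface
# is eth0, it faces the public Internet, and the host serves the four ports
# listed in the quoted table.
EXT_IF="eth0"
SERVICE_PORTS="22 25 80 443"   # ssh smtp www https

# emit_rules [ports|any] prints an iptables-restore ruleset on stdout.
#   ports: outbound TCP must come from a service port and must not be a bare SYN
#   any:   the simpler variant, any non-SYN TCP segment may leave
# Either way the host cannot open connections itself (no DNS lookups, no
# outgoing mail delivery); add explicit OUTPUT rules for whatever it needs.
emit_rules() {
    mode="${1:-ports}"
    echo "*filter"
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT DROP [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A OUTPUT -o lo -j ACCEPT"
    # Anti-spoofing: loopback, RFC 1918 and multicast source addresses cannot
    # legitimately arrive on an Internet-facing interface.
    for net in 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 224.0.0.0/4; do
        echo "-A INPUT -i $EXT_IF -s $net -j DROP"
    done
    for port in $SERVICE_PORTS; do
        # Clients connect TO the service port, so INPUT matches --dport.
        echo "-A INPUT -i $EXT_IF -p tcp -m tcp --dport $port -j ACCEPT"
        # Replies leave FROM the service port, so OUTPUT matches --sport;
        # "! --syn" rejects a packet that would start a new connection.
        if [ "$mode" = ports ]; then
            echo "-A OUTPUT -o $EXT_IF -p tcp -m tcp --sport $port ! --syn -j ACCEPT"
        fi
    done
    if [ "$mode" = any ]; then
        echo "-A OUTPUT -o $EXT_IF -p tcp -m tcp ! --syn -j ACCEPT"
    fi
    echo "COMMIT"
}
```

Check the output with `emit_rules | iptables-restore --test` as root before loading it, and drop the RFC 1918 lines if the interface sits on a private network.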


