Re: newbie firewall recommendation
On Wed, Jun 04, 2003 at 09:48:13AM -0700, Richard Cochinos wrote:
> I followed the same guideline for OUTPUT, so my tables look something
> like:
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:ssh
> ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:smtp
> ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:www
> ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:https
On output it is "source port", not destination port. You can also add !syn on
output. A slightly easier config is to allow all non-syn regardless of the
source port.
Make sure to add anti-spoofing filters.
Greetings
Bernd
--
(OO) -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
( .. ) ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
o--o *plush* 2048/93600EFD eckes@irc +497257930613 BE5-RIPE
(O____O) When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
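
The two OUTPUT variants from the reply above, written out as an added example that is not part of the original message. It prints an iptables-restore ruleset for a host that only answers on the four ports in the quoted listing; the interface name, the host address, the DROP policies and the choice of spoofed sources to filter are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Nothing here touches the live firewall:
# gen_ruleset only prints rules, to be reviewed and then piped to iptables-restore.
EXT_IF="eth0"            # assumed external interface
HOST_IP="192.0.2.10"     # assumed host address (documentation range)
SERVICES="22 25 80 443"  # ssh smtp www https, as in the quoted listing

# gen_ruleset strict : replies only from the service ports, never a SYN
# gen_ruleset simple : any non-SYN TCP segment, regardless of source port
gen_ruleset() {
    mode="$1"
    case "$mode" in
        strict|simple) ;;
        *) echo "usage: gen_ruleset strict|simple" >&2; return 1 ;;
    esac
    echo "*filter"
    echo ":INPUT DROP [0:0]"      # assumed default-deny policies
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT DROP [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A OUTPUT -o lo -j ACCEPT"
    # Anti-spoofing (assumed selection): packets arriving from outside must not
    # claim to come from loopback or from this host's own address.
    echo "-A INPUT -i $EXT_IF -s 127.0.0.0/8 -j DROP"
    echo "-A INPUT -i $EXT_IF -s $HOST_IP -j DROP"
    for port in $SERVICES; do
        # Inbound traffic is addressed TO the service port.
        echo "-A INPUT -i $EXT_IF -p tcp --dport $port -j ACCEPT"
        if [ "$mode" = "strict" ]; then
            # Replies leave FROM the service port, and a reply is never a bare SYN.
            echo "-A OUTPUT -o $EXT_IF -p tcp --sport $port ! --syn -j ACCEPT"
        fi
    done
    if [ "$mode" = "simple" ]; then
        # The "slightly easier" form: one rule that allows all non-SYN segments.
        echo "-A OUTPUT -o $EXT_IF -p tcp ! --syn -j ACCEPT"
    fi
    echo "COMMIT"
}

# Print the strict variant unless another mode is given as the first argument.
gen_ruleset "${1:-strict}"
```

With OUTPUT set to DROP and only non-SYN segments allowed, the host cannot open TCP connections of its own (outbound mail delivery, for example) until rules for that traffic are added.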