
RE: firewall ruleset



Hello,
  You shouldn't need to have all the reply ports open. I have ours closed
and we are able to do everything we need, including FTP. Besides which,
what do you mean by reply ports? Are you talking FTP reply? Or something
else? Basically the ports > 1023 are just non-system/reserved ports.

Bill Suetholz


On 20-Dec-00 Maurice Verhagen wrote:
> Hello,
> 
> I have some problems with several users on our network.
> The firewall settings are the following:
> reject all traffic (incoming, outgoing, forward)
> accept several ports.
> I don't want them to surf the web so I closed port 80 for all sites except
> some (for instance some business related sites).
> Now some wiseguys found out that all the reply ports are open
> (1023-65535) and they use anonymous proxies around the world.
> I closed ports 3128 and 8080 (most common). But now they use random ports
> with a port-redirector, I guess, at several boxes outside the company.
> 
> I wondered if there is a better ruleset than allowing all high ports
> (1023+)?
> 
> Kind regards,
> Maurice Verhagen

----------------------------------
E-Mail: wsuetholz@centonline.com
Date: 20-Dec-00
Time: 11:56:46

This message was sent by XFMail
----------------------------------
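
The following is an added example, not part of either message in this thread. It models the ruleset from the question (accept listed services plus every port in 1023-65535) beside a filter that only accepts inbound packets matching a flow it has already allowed outbound. The service list, web allowlist, addresses and function names are assumptions made for the illustration.

```python
import ipaddress

# Constructed model for illustration; the names and addresses are assumptions.
HIGH_PORTS = range(1023, 65536)      # the "reply ports" range from the thread
ALLOWED_SERVICES = {21, 25, 53}      # assumed stand-in for "accept several ports"
WEB_ALLOWLIST = {"198.51.100.10"}    # assumed business-related web server
INSIDE = ipaddress.ip_network("10.0.0.0/24")  # assumed internal network

def policy_allows(pkt):
    """Outbound policy: listed services, and port 80 only to allowlisted sites."""
    if pkt["dport"] == 80:
        return pkt["dst"] in WEB_ALLOWLIST
    return pkt["dport"] in ALLOWED_SERVICES

def stateless_accept(pkt):
    """Ruleset as described in the question: policy plus every high port."""
    return policy_allows(pkt) or pkt["dport"] in HIGH_PORTS

class StatefulFilter:
    """New flows must match policy; inbound packets must mirror a tracked flow."""
    def __init__(self):
        self.flows = set()

    def accept(self, pkt):
        if ipaddress.ip_address(pkt["src"]) in INSIDE:
            if policy_allows(pkt):
                self.flows.add((pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"]))
                return True
            return False
        return (pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"]) in self.flows

def mk(src, sport, dst, dport):
    return {"src": src, "sport": sport, "dst": dst, "dport": dport}

# Constructed sample traffic, in arrival order.
SAMPLE = [
    ("ftp_out", mk("10.0.0.5", 40001, "192.0.2.20", 21)),
    ("ftp_reply", mk("192.0.2.20", 21, "10.0.0.5", 40001)),
    ("proxy_out", mk("10.0.0.5", 40000, "203.0.113.7", 9000)),
    ("unsolicited_in", mk("203.0.113.7", 9000, "10.0.0.5", 40000)),
    ("web_blocked", mk("10.0.0.5", 40002, "203.0.113.80", 80)),
]

def compare():
    """Return {name: (stateless verdict, stateful verdict)} for SAMPLE."""
    fw = StatefulFilter()
    return {name: (stateless_accept(p), fw.accept(p)) for name, p in SAMPLE}

if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(f"{name:15} stateless={verdicts[0]} stateful={verdicts[1]}")
```

Only the FTP control connection is modeled here; FTP data channels use separately negotiated ports and need protocol-aware tracking, which this sketch leaves out.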


