
Re: Strange firewall logs

Micah Anderson wrote:

> Ah, looking at my firewall I've got:
> -A output -s -d -p 17 -j ACCEPT
> -A output -s -d -j REJECT -l
> -A output -s -d -j REJECT -l
> -A input -s -d -j DENY -l
> -A input -s -d -j DENY -l
> So from what you are saying I should add:
> -A output -s 0 -d -p 1 -j ACCEPT
> -A output -s 3 -d -p 1 -j ACCEPT
> -A output -s 4 -d -p 1 -j ACCEPT
> -A output -s 8 -d -p 1 -j ACCEPT
> -A output -s 11 -d -p 1 -j ACCEPT
> -A output -s 12 -d -p 1 -j ACCEPT
> ?
> Should these be allowable from to anywhere? And would the ICMP
> port originate on the end or the destination end?

No, addresses should never be allowed on any interface other than loopback. Conversely, you should not accept traffic from these addresses on any interface other than loopback.

A nice way to do this with ipchains is:

ipchains -A input ! -i lo  -s -j DENY
ipchains -A output ! -i lo  -s -j DENY
ipchains -A input ! -i lo  -d -j DENY
ipchains -A output ! -i lo  -d -j DENY


Simon Murcott
e. simon@murcott.net
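As an added illustration (not code from the list posts), the two ideas in this exchange, loopback addresses allowed only on lo and a per-type outbound ICMP whitelist, can be modelled as a first-match chain walk in Python rather than typed into ipchains, so the effect of "! -i lo" and of the catch-all REJECT can be checked offline. It assumes the address range stripped from the quoted rules is 127.0.0.0/8 (the reply speaks of loopback), takes the ICMP types 0, 3, 4, 8, 11 and 12 from Micah's proposed rules, and adds one rule not in the thread, an ACCEPT for everything on lo, so that legitimate loopback traffic has somewhere to go. Sample packets are constructed, not taken from the original logs.

```python
"""Toy first-match packet filter modelling the ipchains rules in this thread.

Added example, not code from the list posts. Assumptions: the elided address
range is 127.0.0.0/8, and an "accept everything on lo" rule (not in the thread)
complements Simon's anti-spoofing rules.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Assumed: the address range that was stripped from the quoted rules.
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


@dataclass
class Packet:
    iface: str                  # interface the packet arrives on (input) or leaves by (output)
    src: str
    dst: str
    proto: int                  # 1 = ICMP, 6 = TCP, 17 = UDP
    icmp_type: Optional[int] = None


@dataclass
class Rule:
    target: str                                  # ACCEPT, DENY or REJECT
    iface: Optional[str] = None                  # "-i lo"
    iface_negate: bool = False                   # "! -i lo": every interface except this one
    src: Optional[ipaddress.IPv4Network] = None  # "-s <net>"
    dst: Optional[ipaddress.IPv4Network] = None  # "-d <net>"
    proto: Optional[int] = None                  # "-p <num>"
    icmp_type: Optional[int] = None              # ipchains puts the ICMP type in the -s port slot

    def matches(self, pkt: Packet) -> bool:
        if self.iface is not None:
            on_iface = pkt.iface == self.iface
            # A plain rule needs on_iface True; a negated rule needs it False.
            if on_iface == self.iface_negate:
                return False
        if self.src is not None and ipaddress.ip_address(pkt.src) not in self.src:
            return False
        if self.dst is not None and ipaddress.ip_address(pkt.dst) not in self.dst:
            return False
        if self.proto is not None and pkt.proto != self.proto:
            return False
        if self.icmp_type is not None and pkt.icmp_type != self.icmp_type:
            return False
        return True


def evaluate(chain: List[Rule], pkt: Packet, policy: str = "ACCEPT") -> str:
    """Walk the chain in order; the first matching rule decides, else the chain policy."""
    for rule in chain:
        if rule.matches(pkt):
            return rule.target
    return policy


# Simon's anti-spoofing rules: loopback addresses may only appear on lo itself.
ANTI_SPOOF = [
    Rule("DENY", iface="lo", iface_negate=True, src=LOOPBACK),
    Rule("DENY", iface="lo", iface_negate=True, dst=LOOPBACK),
]

# Micah's proposed outbound ICMP whitelist: echo reply (0), destination unreachable (3),
# source quench (4), echo request (8), time exceeded (11), parameter problem (12).
ALLOWED_ICMP_OUT = (0, 3, 4, 8, 11, 12)
OUTPUT_CHAIN = (ANTI_SPOOF
                + [Rule("ACCEPT", proto=1, icmp_type=t) for t in ALLOWED_ICMP_OUT]
                + [Rule("REJECT")])          # catch-all, as in Micah's output chain

# Assumed companion rule (not in the thread): local traffic on lo is always fine.
INPUT_CHAIN = ANTI_SPOOF + [Rule("ACCEPT", iface="lo")]


if __name__ == "__main__":
    # Constructed sample traffic, not taken from the original logs.
    samples = [
        ("input: 127.0.0.1 as source on eth0", INPUT_CHAIN,
         Packet("eth0", "127.0.0.1", "192.0.2.10", 6)),
        ("input: loopback traffic on lo", INPUT_CHAIN,
         Packet("lo", "127.0.0.1", "127.0.0.1", 6)),
        ("output: echo request (type 8)", OUTPUT_CHAIN,
         Packet("eth0", "192.0.2.10", "198.51.100.1", 1, icmp_type=8)),
        ("output: ICMP redirect (type 5)", OUTPUT_CHAIN,
         Packet("eth0", "192.0.2.10", "198.51.100.1", 1, icmp_type=5)),
        ("output: UDP to 127.0.0.1 leaving via eth0", OUTPUT_CHAIN,
         Packet("eth0", "192.0.2.10", "127.0.0.1", 17)),
    ]
    for label, chain, pkt in samples:
        print(f"{label:45s} -> {evaluate(chain, pkt)}")
```

Rule order matters: the two anti-spoofing DENYs sit first in both chains, so a UDP packet to 127.0.0.1 heading out eth0 is dropped before the ICMP whitelist or the catch-all is consulted, which is exactly why Simon puts them at the top rather than relying on the final REJECT.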
