[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Question about ipchains



On Mon, Mar 26, 2001 at 08:01:34PM +0200, Alson van der Meulen wrote:

> It accepts all other traffic to non-privileged ports. i prefer to
> allow traffic without the syn flag (not initiating a new connection)
> only, not all misc traffic, it's more secure, the way to do it is
> like:
> ipchains -A input -s 0/0 -d 0/0 1024:65535 -p tcp ! -y -j ACCEPT
> ipchains -A input -s 0/0 -d 0/0 1024:65535 -p udp ! -y -j ACCEPT
> 

unfortuantly this breaks irc, ftp and many other things.  

> Read the ipchains howto for more info
> -- 
> ,-------------------------------------------.
> > Name:           Alson van der Meulen      <
> > Personal:       alson@linuxfreak.nl       <
> > School:       alson@gymnasiumleiden.nl    <
> `-------------------------------------------'
> Nobody was using that file /vmunix, were they?
> ---------------------------------------------
> 
> 
> --  
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> 

-- 
Ethan Benson
http://www.alaska.net/~erbenson/

Attachment: pgpnLAftmaN8a.pgp
Description: PGP signature


Reply to: