Re: Ports to block?

To: debian-security@lists.debian.org
Subject: Re: Ports to block?
From: Cherubini Enrico <kevin@bestkevin.com>
Date: Fri, 6 Apr 2001 00:09:33 +0200
Message-id: <20010406000933.B2217@bestkevin.com>
In-reply-to: <3ACCD7D6.8080209@netlink.demon.co.uk>; from Steve Ball on Thu, Apr 05, 2001 at 09:38:46PM +0100
References: <Pine.LNX.4.21.0104051250560.29975-100000@xenophobe.freaks.com> <3ACCD7D6.8080209@netlink.demon.co.uk>

Ciao,
 Thu, Apr 05, 2001 at 09:38:46PM +0100, Steve Ball wrote:

> It is most secure to block everything and only open the ports that are 
> absolutely necessary.
ok, this is clear. What's the way you ppl do that throught ipchains/iptables
? Is it better to use the ACCEPT policy and then DENY all or use the DENY
policy and ACCEPT only ports needed ? I use the first 'cause so I can log
all packet that are denied...

# Start
ipchains -P input ACCEPT
....
ipchains -A input -j DENY -l
# End

-- 


Bye
                            +--------+ Maybe you are searching for freedom
                            | Enrico |    Maybe you can't find it anywhere
                            +--------+          I found it in linux.......

``I think he has a Napoleonic concept of himself and his company, an arrogance 
    that derives from power and unalloyed success, with no leavening hard 
 experience, no reverses,'' Judge Thomas Penfield Jackson says of Bill Gates.

Reply to:

Follow-Ups:
- Re: Ports to block?
  - From: "Eric N. Valor" <eric.valor@lutris.com>
- Re: Ports to block?
  - From: Hans Spaans <cj.spaans@nexit.nl>

References:
- Ports to block?
  - From: Brandon High <armitage@freaks.com>
- Re: Ports to block?
  - From: Steve Ball <steve@netlink.demon.co.uk>

Prev by Date: Re: Ports to block?
Next by Date: Re: Ports to block?
Previous by thread: Re: Ports to block?
Next by thread: Re: Ports to block?
Index(es):
- Date
- Thread