Re: ipfwadm rule



Set your default policies to DENY (instead of ACCEPT) and try again.
Everything will be blocked except what you specifically state should be
allowed in (don't try this from remote! you may lose access to the machine).

(use ipfwadm -p DENY)

nate

----------------------------------------[mailto:aphro@aphroland.org ]--
   Vice President Network Operations       http://www.firetrail.com/
  Firetrail Internet Services Limited      http://www.aphroland.org/
       Everett, WA 425-348-7336            http://www.linuxpowered.net/
            Powered By:                    http://comedy.aphroland.org/
    Debian 2.1 Linux 2.0.36 SMP            http://yahoo.aphroland.org/
-----------------------------------------[mailto:aphro@netquest.net ]--

On Fri, 29 Oct 1999, Pere Camps wrote:

> Hi!
> 
> 	I'm trying to set up my home box (connected via PPP to the
> internet to do the following):
> 
> 	a) Deny everything incoming (tcp,udp,icmp)
> 	b) Accept only DNS udp connections
> 	c) Accept incoming tcp data for only the connections that I have
> initiated.
> 
> 	So far I've got this working:
> 
> 	a) no problem
> 	b) I accept udp connections from the domain port to the 1024:65535
> 	c) I accept tcp connections from any port that's below 1024
> 
> 	Problems:
> 	c) They can still telnet me if doing it as root. The same for b).
> 
> 	Does anybody know the right ipfwadm rule for what I want and even
> if this setup is possible?
> 
> 	TIA!
> 
> -- p.
> 
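
An added example, not part of either message: a small Python model of a stateless filter showing why the source-port rules in the question still admit inbound connections, and how a DENY default combined with requiring the TCP ACK bit (ipfwadm's `-k` option) and pinning DNS replies to a known resolver closes that gap. The `Packet`/`Rule` classes, all addresses (documentation ranges), the resolver `192.0.2.53` and the reading of rule c) as "any destination port" are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

PRIV = (0, 1023)         # ports only root can bind on Unix
UNPRIV = (1024, 65535)
RESOLVER = "192.0.2.53"  # constructed nameserver address (assumption)

@dataclass(frozen=True)
class Packet:
    proto: str            # "tcp" or "udp"
    src: str
    sport: int
    dport: int
    ack: bool = False     # TCP ACK bit; a connection-opening SYN has it clear

@dataclass(frozen=True)
class Rule:               # hypothetical model of one accept rule
    proto: str
    sports: Tuple[int, int]
    dports: Tuple[int, int]
    need_ack: bool = False        # models ipfwadm's -k option
    src: Optional[str] = None     # None matches any source address

    def matches(self, p: Packet) -> bool:
        return (p.proto == self.proto
                and self.sports[0] <= p.sport <= self.sports[1]
                and self.dports[0] <= p.dport <= self.dports[1]
                and (p.ack or not self.need_ack)
                and self.src in (None, p.src))

def verdict(rules, p, policy="deny"):
    """Any matching accept rule wins; otherwise the default policy applies."""
    return "accept" if any(r.matches(p) for r in rules) else policy

# Rules as described in the question: keyed on source port only.
PORT_ONLY = [Rule("udp", (53, 53), UNPRIV),
             Rule("tcp", PRIV, (0, 65535))]
# Tightened: TCP must carry ACK and target a client port; DNS only from the resolver.
TIGHTENED = [Rule("udp", (53, 53), UNPRIV, src=RESOLVER),
             Rule("tcp", (0, 65535), UNPRIV, need_ack=True)]

# Constructed sample packets.
INBOUND_TELNET_SYN = Packet("tcp", "198.51.100.7", 1000, 23)    # remote root binds sport 1000
INBOUND_HIGH_SYN = Packet("tcp", "198.51.100.7", 1000, 6000)    # same, aimed at a high port
WEB_REPLY = Packet("tcp", "203.0.113.80", 80, 40000, ack=True)  # answer to our own connection
DNS_REPLY = Packet("udp", RESOLVER, 53, 40001)
STRAY_UDP = Packet("udp", "198.51.100.7", 53, 2049)             # sport 53, not our resolver
```

ACK matching is still stateless: it drops connection-opening SYNs but does not check that a matching outbound connection actually exists.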