Re: Firewall (Linux new-comer)
- To: debian-user@lists.debian.org
- Subject: Re: Firewall (Linux new-comer)
- From: "Eric G . Miller" <egm2@jps.net>
- Date: Thu, 12 Oct 2000 01:40:44 -0700
- Message-id: <20001012014044.A9571@calico.local>
- Mail-followup-to: "Eric G . Miller" <egm2@jps.net>, debian-user@lists.debian.org
- In-reply-to: <003b01c0341b$0d5e0240$af70fd91@arcor>; from Matman@gmx.li on Thu, Oct 12, 2000 at 09:07:04AM +0200
- References: <003b01c0341b$0d5e0240$af70fd91@arcor>
On Thu, Oct 12, 2000 at 09:07:04AM +0200, Matthias Mann wrote:
> Hi people!
>
> I'm sitting on a single computer. Yesterday I read the firewall-HOWTO and
> was very confused because there are examples for a network system. Is there
> any possibility to build a firewall or other useful security systems for my
> machine? I like to use Netscape Navigator to have fun and for my work at
> internet. And I don't like that others have access to my computer. Which
> packages of Debian 2.2 potato should I use for this purpose? Or is there
> some better software available of other developers?
>
> Have a lucky day!
Here's a small ipchains rule list for a dial-up (note: There's no
telnetd, ftpd, portmapper, fingerd, popd, imapd, or just about anything
else listening...).
:input ACCEPT
:forward REJECT
:output ACCEPT
:ppp-in -
:ppp-out -
-A input -i ppp0 -j ppp-in
-A output -i ppp0 -j ppp-out
-A ppp-in -p tcp --destination-port 25 -j REJECT
-A ppp-in -p udp --destination-port 25 -j REJECT
-A ppp-in -p tcp --destination-port 80 -j REJECT
-A ppp-in -p udp --destination-port 80 -j REJECT
-A ppp-in -p tcp --destination-port 110:113 -j REJECT
-A ppp-in -p udp --destination-port 110:113 -j REJECT
-A ppp-in -p tcp --destination-port 137:139 -j REJECT
-A ppp-in -p udp --destination-port 137:139 -j REJECT
-A ppp-in -p tcp --destination-port 6000 -j REJECT
-A ppp-in -p udp --destination-port 6000 -j REJECT
-A ppp-in -p tcp --destination-port 7100:7101 -j REJECT
-A ppp-in -p udp --destination-port 7100:7101 -j REJECT
-A ppp-in -p tcp --destination-port 5432 -j REJECT
-A ppp-in -p udp --destination-port 5432 -j REJECT
-A ppp-in -p tcp --destination-port 27374 -j REJECT
-A ppp-in -p udp --destination-port 27374 -j REJECT
Use: $ ipchains-restore < /etc/ipchains.rules
--
/bin/sh ~/.signature:
Command not found
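
An added example, not part of the message above: a small Python evaluator for the subset of ipchains-save syntax used in the posted rule list, reporting whether an inbound packet on ppp0 hits a REJECT rule or falls through to the input chain's ACCEPT policy. The function names (parse, matches, verdict, inbound) are illustrative, and only the options that appear in the post are handled.

```python
# Added example: evaluates the ipchains-save subset used in the post (-i, -p,
# --destination-port, -j). Function names are illustrative, not part of ipchains.
PORTS = ["25", "80", "110:113", "137:139", "6000", "7100:7101", "5432", "27374"]
# Rule list rebuilt exactly as posted: policies, chains, then tcp+udp REJECT per port.
RULES = "\n".join(
    [":input ACCEPT", ":forward REJECT", ":output ACCEPT", ":ppp-in -", ":ppp-out -",
     "-A input -i ppp0 -j ppp-in", "-A output -i ppp0 -j ppp-out"]
    + [f"-A ppp-in -p {proto} --destination-port {port} -j REJECT"
       for port in PORTS for proto in ("tcp", "udp")])

def parse(text):
    policies, chains = {}, {}
    for line in text.splitlines():
        tok = line.split()
        if tok and tok[0].startswith(":"):        # ":chain POLICY" ("-" = user chain)
            policies[tok[0][1:]] = tok[1]
            chains.setdefault(tok[0][1:], [])
        elif tok and tok[0] == "-A":              # "-A chain <option value>..."
            chains.setdefault(tok[1], []).append(dict(zip(tok[2::2], tok[3::2])))
    return policies, chains

def matches(rule, iface, proto, dport):
    if rule.get("-i", iface) != iface or rule.get("-p", proto) != proto:
        return False
    if "--destination-port" in rule:              # single port or lo:hi range
        lo, _, hi = rule["--destination-port"].partition(":")
        return int(lo) <= dport <= int(hi or lo)
    return True

def verdict(policies, chains, chain, iface, proto, dport):
    for rule in chains[chain]:
        if matches(rule, iface, proto, dport):
            target = rule["-j"]
            if target not in chains:
                return target                     # terminal target, e.g. REJECT
            result = verdict(policies, chains, target, iface, proto, dport)
            if result is not None:
                return result
    # End of chain: a user chain returns to its caller, a built-in applies its policy.
    policy = policies.get(chain, "-")
    return None if policy == "-" else policy

def inbound(proto, dport, iface="ppp0"):
    """Verdict for a packet arriving on iface for local port dport."""
    return verdict(*parse(RULES), "input", iface, proto, dport)

if __name__ == "__main__":
    for proto, port in [("tcp", 25), ("tcp", 111), ("udp", 138), ("tcp", 22), ("tcp", 6001)]:
        print(f"{proto}/{port}: {inbound(proto, port)}")
```

Ports outside the listed set (tcp/22 and tcp/6001 in the sample run) come back as ACCEPT, so for those the protection is the message's note that nothing else is listening.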