
Re: firewalling



On Mon, Nov 13, 2000 at 02:14:23PM +0100, Sebastiaan wrote:
> 
> Hello,
> 
> I am configuring a computer as a firewall and ip-masquerading server.
> Being on this adventure (it is my first time doing this), I have the
> following questions:
> 
> - I did a nmap localhost and discovered that unwanted ports 'sunrpc' (111)
> and 'printer' (515) are open. I have not found these in inetd.conf and I
> do not know how to turn these off. I have already tried removing sunrpc.o
> from the modules, but the computer would not do that. What is this port
> used for?
> 
> - I have heard something about putting hosts who are portscanning you
> automatically in hosts.deny, so that your computer is invisible for that
> host. Where can I control that function (and put it on)?
> 
> - any other things worth knowing about private firewall ip-masq servers?
> 
> Thanks in advance!
> Sebastiaan

There have already been some good suggestions on how to fix this.  (Remove
unneeded packages!)

However, you can also use ipchains to specifically block these incoming
ports.

One machine I administer has this rule

/sbin/ipchains -A input -j REJECT -i $HOTCARD -p tcp -s $ANYCIDR -d $HOTHOME ! 20:80 -v -y $LOGIT

This allows incoming traffic that has the SYN flag on (i.e. incoming, trying
to establish a new connection) to work only on ports 20 through 80.
Even on a well-administered firewall, this kind of rule can protect you
from accidentally installing something that exposes you to additional risk.
And on a firewall which has software on it that your client insists on,
it can really reduce your exposure!
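
Added example, not part of the original post: a shell check of which listening TCP ports the rule above covers and which stay reachable inside 20:80. It goes a little beyond the post by classifying every open port in a scan listing; the sample scan lines are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# The rule in the post rejects new (SYN) TCP connections to any destination
# port outside 20:80. These bounds are copied from that rule.
LOW=20
HIGH=80

# Constructed sample in nmap's "port/proto state service" line format.
SAMPLE_SCAN='22/tcp   open  ssh
25/tcp   open  smtp
79/tcp   open  finger
111/tcp  open  sunrpc
515/tcp  open  printer
53/udp   open  domain'

# classify_ports: read scan lines on stdin and print "<port> <service> <verdict>"
# for every open TCP port. "rejected" means the rule refuses a new inbound
# connection; "reachable" means the port lies inside LOW:HIGH and is untouched.
classify_ports() {
    while read -r portproto state service rest; do
        [ "$state" = "open" ] || continue
        case "$portproto" in
            */tcp) port=${portproto%/tcp} ;;
            *) continue ;;   # the rule is "-p tcp": UDP listeners are not covered
        esac
        case "$port" in ''|*[!0-9]*) continue ;; esac   # skip malformed lines
        if [ "$port" -lt "$LOW" ] || [ "$port" -gt "$HIGH" ]; then
            echo "$port $service rejected"
        else
            echo "$port $service reachable"
        fi
    done
}

# still_exposed: space-separated list of TCP ports the rule leaves reachable.
still_exposed() {
    classify_ports | awk '$3 == "reachable" { printf "%s%s", sep, $1; sep = " " }'
}

printf '%s\n' "$SAMPLE_SCAN" | classify_ports
```

Feed it the open-port lines of a scan taken against the firewall's outside interface; anything reported reachable, or listening on UDP, still depends on the service being removed or on another rule.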

