Re: firewalling
On Mon, Nov 13, 2000 at 02:14:23PM +0100, Sebastiaan wrote:
>
> Hello,
>
> I am configuring a computer as a firewall and ip-masquerading server.
> Being on this adventure (it is my first time doing this), I have the
> following questions:
>
> - I did a nmap localhost and discovered that unwanted ports 'sunrpc' (111)
> and 'printer' (515) are open. I have not found these in inetd.conf and I
> do not know how to turn these off. I have already tried removing sunrpc.o
> from the modules, but the computer would not do that. What is this port
> used for?
>
> - I have heard something about putting hosts who are portscanning you
> automatically in hosts.deny, so that your computer is invisible for that
> host. Where can I control that function (and put it on)?
>
> - any other things worth knowing about private firewall ip-masq servers?
>
> Thanks in advance!
> Sebastiaan
There have already been some good suggestions on how to fix this. (Remove
unneeded packages!)
However, you can also use ipchains to specifically block these incoming
ports.
One machine I administer has this rule:
/sbin/ipchains -A input -j REJECT -i $HOTCARD -p tcp -s $ANYCIDR -d $HOTHOME ! 20:80 -v -y $LOGIT
This allows incoming traffic that has the SYN flag on (i.e. incoming, trying
to establish a new connection) to work only on ports 20 through 80.
Even on a well-administered firewall, this kind of rule can protect you
from accidentally installing something that exposes you to additional risk.
And on a firewall which has software on it that your client insists on,
it can really reduce your exposure!
- References:
- firewalling
- From: Sebastiaan <sebastia@ch.twi.tudelft.nl>
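
A small Python model of the match logic of the ipchains rule quoted in the reply, as an added example that is not part of the original mail. The interface name, the addresses and the sample packets are constructed assumptions standing in for $HOTCARD, $ANYCIDR and $HOTHOME; the model shows which packets the rule rejects and which it leaves to later rules or the chain policy, including UDP to port 111, which a `-p tcp` rule does not match.

```python
import ipaddress
from dataclasses import dataclass

# Assumed stand-ins for the shell variables in the mail (values not given there).
HOTCARD = "eth0"                                 # external interface
ANYCIDR = ipaddress.ip_network("0.0.0.0/0")      # any source address
HOTHOME = ipaddress.ip_network("192.0.2.1/32")   # firewall's external address
ALLOWED = range(20, 81)                          # "! 20:80" matches ports outside this

@dataclass
class Packet:
    iface: str
    proto: str
    src: str
    dst: str
    dport: int
    flags: frozenset = frozenset()

def is_syn(pkt):
    """ipchains -y: SYN set, ACK and FIN cleared (a new connection attempt)."""
    return "SYN" in pkt.flags and not ({"ACK", "FIN"} & pkt.flags)

def rule_rejects(pkt):
    """True when every condition of the REJECT rule matches the packet."""
    return (pkt.iface == HOTCARD
            and pkt.proto == "tcp"
            and ipaddress.ip_address(pkt.src) in ANYCIDR
            and ipaddress.ip_address(pkt.dst) in HOTHOME
            and pkt.dport not in ALLOWED
            and is_syn(pkt))

# Constructed sample packets arriving for the firewall itself.
SYN, SYNACK = frozenset({"SYN"}), frozenset({"SYN", "ACK"})
SAMPLES = {
    "tcp SYN to sunrpc/111":      Packet("eth0", "tcp", "198.51.100.7", "192.0.2.1", 111, SYN),
    "tcp SYN to printer/515":     Packet("eth0", "tcp", "198.51.100.7", "192.0.2.1", 515, SYN),
    "tcp SYN to ssh/22":          Packet("eth0", "tcp", "198.51.100.7", "192.0.2.1", 22, SYN),
    "tcp SYN to finger/79":       Packet("eth0", "tcp", "198.51.100.7", "192.0.2.1", 79, SYN),
    "tcp SYN+ACK reply to 1025":  Packet("eth0", "tcp", "198.51.100.7", "192.0.2.1", 1025, SYNACK),
    "udp to sunrpc/111":          Packet("eth0", "udp", "198.51.100.7", "192.0.2.1", 111),
    "tcp SYN to 111 on internal": Packet("eth1", "tcp", "10.0.0.5", "192.0.2.1", 111, SYN),
}

def evaluate(samples=SAMPLES):
    """Map each sample name to True (rejected) or False (left to later rules)."""
    return {name: rule_rejects(pkt) for name, pkt in samples.items()}

if __name__ == "__main__":
    for name, rejected in evaluate().items():
        print(f"{name:28} {'REJECT' if rejected else 'not matched by this rule'}")
```

Anything the model reports as not matched still needs its own rule or a restrictive chain policy: every port from 20 through 80, and all UDP traffic, are outside what this one rule covers.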