[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: firewalling

On Mon, Nov 13, 2000 at 02:14:23PM +0100, Sebastiaan wrote:
> Hello,
> I am configuring a computer as a firewall and ip-masquerading server.
> Being on this adventure (it is my first time doing this), I have the
> following questions:
> - I did a nmap localhost and discovered that unwanted ports 'sunrpc' (111)
> and 'printer' (515) are open. I have not found these in inetd.conf and I
> do not know how to turn these off. I have already tried removing sunrpc.o
> from the modules, but the computer would not do that. What is this port
> used for?
> - I have heard something about putting hosts who are portscanning you
> automatically in hosts.deny, so that your computer is invisible for that
> host. Where can I control that function (and put it on)?
> - any other things worth knowing about private firewall ip-masq servers?
> Thanks in advance!
> Sebastiaan

There have already been some good suggestions on how to fix this.  (Remove
uneeded packages!)

However, you can also use ipchains to specifically block these incoming

One machine I administer has this rule

/sbin/ipchains -A input -j REJECT -i $HOTCARD -p tcp -s $ANYCIDR -d $HOTHOME ! 20:80 -v -y $LOGIT

This allows incoming traffic that has the SYN flag on (I.e. incoming, trying
to establish a new connection) to work only on ports 20 through 80. 
Even on a well-administered firewall, this kind of rule can protect you
from accidently installing something that exposes you to additional risk.
And on a firewall which has software on it that your client insists on,
it can really reduce your exposure!

> -- 
> Unsubscribe?  mail -s unsubscribe debian-user-request@lists.debian.org < /dev/null

Reply to: