> One machine I administer has this rule
> /sbin/ipchains -A input -j REJECT -i $HOTCARD -p tcp -s $ANYCIDR -d $HOTHOME ! 20:80 -v -y $LOGIT
> This allows incoming traffic that has the SYN flag on (I.e. incoming, trying
> to establish a new connection) to work only on ports 20 through 80.
> Even on a well-administered firewall, this kind of rule can protect you
> from accidently installing something that exposes you to additional risk.
> And on a firewall which has software on it that your client insists on,
> it can really reduce your exposure!
Thanks for the advice! I tried to follow your command line and read the
manpage, but I could not entirely found out which addresses I must use.
I have an ethernet card (eth2) with address 10.0.0.150 connected to the
ADSL modem. When the connection is established, I also get a new interface
ppp0 with address 10.161.67.65.
Is $HOTCARD ppp0 or eth2 ?
Must I set $ANYCIDR to 0.0.0.0/0.0.0.0 and $HOTHOME to
10.161.67.65/255.255.255.0 or something else?
Is there also a way to slow portscans down with this command?