
Re: firewalling



Hi,

> One machine I administer has this rule
> 
> /sbin/ipchains -A input -j REJECT -i $HOTCARD -p tcp -s $ANYCIDR -d $HOTHOME ! 20:80 -v -y $LOGIT
> 
> This allows incoming traffic that has the SYN flag on (I.e. incoming, trying
> to establish a new connection) to work only on ports 20 through 80. 
> Even on a well-administered firewall, this kind of rule can protect you
> from accidentally installing something that exposes you to additional risk.
> And on a firewall which has software on it that your client insists on,
> it can really reduce your exposure!

Thanks for the advice! I tried to follow your command line and read the
manpage, but I could not entirely find out which addresses I must use.
I have an ethernet card (eth2) with address 10.0.0.150 connected to the
ADSL modem. When the connection is established, I also get a new interface
ppp0 with address 10.161.67.65.

Is $HOTCARD ppp0 or eth2 ?
Must I set $ANYCIDR to 0.0.0.0/0.0.0.0 and $HOTHOME to
10.161.67.65/255.255.255.0 or something else?
Is there also a way to slow portscans down with this command?


Thanks,
Sebastiaan
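As an added illustration (not part of this thread), here is a small Python model of the quoted rule's match logic, so the effect of `-y` and of the negated port range `! 20:80` can be seen on constructed packets. The interface name `ext0` and the addresses `192.0.2.10` / `198.51.100.7` are placeholders standing in for `$HOTCARD`, `$HOTHOME` and a remote host; they are not a statement about which interface the poster should use.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Packet:
    """Constructed packet summary: only the fields the quoted rule inspects."""
    iface: str
    proto: str
    src: str
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False


def in_cidr(addr, cidr):
    # ipchains address/mask notation; strict=False tolerates host bits in the address part
    return ipaddress.ip_address(addr) in ipaddress.ip_network(cidr, strict=False)


def rule_matches(p, hotcard, anycidr, hothome, lo=20, hi=80):
    """Mirror of: -i $HOTCARD -p tcp -s $ANYCIDR -d $HOTHOME ! lo:hi -y"""
    return (p.iface == hotcard
            and p.proto == "tcp"
            and in_cidr(p.src, anycidr)
            and in_cidr(p.dst, hothome)
            and not (lo <= p.dport <= hi)   # "! 20:80": destination port outside the range
            and p.syn and not p.ack)         # -y: SYN set with ACK (and FIN) clear


def verdict(p, hotcard="ext0", anycidr="0.0.0.0/0.0.0.0", hothome="192.0.2.10/255.255.255.255"):
    # The rule only decides REJECT; anything else continues down the input chain.
    return "REJECT" if rule_matches(p, hotcard, anycidr, hothome) else "FALLTHROUGH"


# Constructed sample traffic (placeholder addresses)
SAMPLES = {
    "syn_to_ssh":     Packet("ext0", "tcp", "198.51.100.7", "192.0.2.10", 22, syn=True),
    "syn_to_8080":    Packet("ext0", "tcp", "198.51.100.7", "192.0.2.10", 8080, syn=True),
    "synack_to_8080": Packet("ext0", "tcp", "198.51.100.7", "192.0.2.10", 8080, syn=True, ack=True),
    "udp_to_8080":    Packet("ext0", "udp", "198.51.100.7", "192.0.2.10", 8080),
    "other_iface":    Packet("eth1", "tcp", "10.0.0.5", "192.0.2.10", 8080, syn=True),
}


def run_samples():
    return {name: verdict(p) for name, p in SAMPLES.items()}


if __name__ == "__main__":
    for name, v in run_samples().items():
        print(f"{name:15} -> {v}")
```

Changing `hothome` to a `/255.255.255.0` mask makes the rule match SYNs to every address in that /24, not just the one host, which is the difference the mask question above is about.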