[cobalt-users] ipchains rule check
- Subject: [cobalt-users] ipchains rule check
- From: toma <toma@xxxxxxxxx>
- Date: Sat Apr 20 14:43:17 2002
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
I just set up IPchains using PMfirewall to configure things. Could some
experts here tell me if my rules are passable?
Here are the results of the command: /sbin/ipchains -L
[root admin]# /sbin/ipchains -L
Chain input (policy ACCEPT):
target prot opt source destination ports
ACCEPT all ------ anywhere anywhere n/a
ACCEPT tcp !y---- anywhere my.ip.address.here/29 any -> any
DENY all ------ 10.0.0.0/8 my.ip.address.here/29 n/a
DENY all ------ 127.0.0.0/8 my.ip.address.here/29 n/a
DENY all ------ 172.16.0.0/12 my.ip.address.here/29 n/a
DENY all ------ 192.168.0.0/16 my.ip.address.here/29 n/a
DENY tcp ----l- anywhere my.ip.address.here/29 any -> 31337
DENY udp ----l- anywhere my.ip.address.here/29 any -> 31337
DENY tcp ----l- anywhere my.ip.address.here/29 any -> 12345:12346
DENY udp ----l- anywhere my.ip.address.here/29 any -> 12345:12346
DENY tcp ----l- anywhere my.ip.address.here/29 any -> ingreslock
DENY tcp ----l- anywhere my.ip.address.here/29 any -> 27665
DENY udp ----l- anywhere my.ip.address.here/29 any -> 27444
DENY udp ----l- anywhere my.ip.address.here/29 any -> 31335
DENY all ------ BASE-ADDRESS.MCAST.NET/8 anywhere n/a
DENY all ------ anywhere BASE-ADDRESS.MCAST.NET/8 n/a
ACCEPT all ------ my.ip.address.here/29 anywhere n/a
ACCEPT all ------ hd5e258ac.gavlegardarna.gavle.to anywhere n/a
DENY udp ------ anywhere anywhere any -> bootps:bootpc
ACCEPT tcp ------ anywhere my.ip.address.here/29 any -> ftp-data
ACCEPT tcp ------ anywhere my.ip.address.here/29 any -> ftp
ACCEPT tcp ------ anywhere my.ip.address.here/29 any -> ssh
ACCEPT tcp ------ anywhere my.ip.address.here/29 any -> telnet
ACCEPT tcp ------ anywhere my.ip.address.here/29 any -> smtp
ACCEPT tcp ------ anywhere my.ip.address.here/29 any -> domain
ACCEPT udp ------ anywhere my.ip.address.here/29 any -> domain
ACCEPT tcp ------ anywhere my.ip.address.here/29 any -> www
ACCEPT tcp ------ anywhere my.ip.address.here/29 any -> 81
ACCEPT tcp ------ anywhere my.ip.address.here/29 any -> pop3
ACCEPT tcp ------ anywhere my.ip.address.here/29 any -> auth
ACCEPT udp ------ anywhere my.ip.address.here/29 any -> 113
ACCEPT tcp ------ anywhere my.ip.address.here/29 any -> nntp
ACCEPT tcp ------ anywhere my.ip.address.here/29 any -> ntp
ACCEPT udp ------ anywhere my.ip.address.here/29 any -> ntp
DENY tcp ------ anywhere anywhere any -> netbios-ns:netbios-ssn
DENY udp ------ anywhere anywhere any -> netbios-ns:netbios-ssn
ACCEPT tcp ------ anywhere my.ip.address.here/29 any -> imap2
ACCEPT tcp ------ anywhere my.ip.address.here/29 any -> https
REJECT udp ------ anywhere anywhere any -> route
DENY tcp ----l- anywhere anywhere any -> 2049
DENY udp ----l- anywhere anywhere any -> 2049
DENY tcp ------ anywhere anywhere any -> 5999:6003
DENY udp ------ anywhere anywhere any -> 5999:6003
ACCEPT icmp ------ anywhere my.ip.address.here/29 any -> any
ACCEPT tcp ------ anywhere my.ip.address.here/29 any -> 1023:65535
ACCEPT udp ------ anywhere my.ip.address.here/29 any -> 1023:65535
DENY all ----l- anywhere anywhere n/a
Chain forward (policy DENY):
Chain output (policy ACCEPT):
target prot opt source destination ports
ACCEPT all ------ anywhere anywhere n/a
ACCEPT icmp ------ my.ip.address.here/29 anywhere any -> any
ACCEPT all ------ anywhere anywhere n/a
Thanks
Tom
crimescene.com
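
Added example, not part of the original post: a small Python audit of an `ipchains -L` listing in the wrapped layout shown above. Because ipchains acts on the first matching rule, it flags any match-everything rule that sits before the end of a chain, and ACCEPT rules that open cleartext login services to any source. The function names, the `CLEARTEXT` set and the shortened sample listing are assumptions made for this illustration.

```python
import re
# Constructed sample: a few rules in the mail-wrapped `ipchains -L` layout.
SAMPLE = """\
Chain input (policy ACCEPT):
target prot opt source destination ports
ACCEPT all ------ anywhere anywhere n/a
DENY tcp ----l- anywhere my.ip.address.here/29 any ->
31337
ACCEPT tcp ------ anywhere my.ip.address.here/29 any ->
telnet
DENY all ----l- anywhere anywhere n/a
Chain forward (policy DENY):
"""
CLEARTEXT = {"telnet", "ftp", "pop3", "imap2"}  # assumption: services to flag

def parse(listing):
    """Rejoin wrapped lines; return {chain: [rule, ...]} in listing order."""
    chains, cur = {}, None
    for line in listing.splitlines():
        words = line.split()
        head = re.match(r"Chain (\S+) \(policy (\w+)\)", line.strip())
        if head:
            cur = chains.setdefault(head.group(1), [])
        elif cur is None or not words or words[0] == "target":
            continue
        elif words[0] in ("ACCEPT", "DENY", "REJECT"):
            cur.append(words)
        elif cur:
            cur[-1].extend(words)  # wrapped tail of the previous rule
    keys = ("target", "prot", "opt", "src", "dst")
    return {c: [dict(zip(keys, r), ports=" ".join(r[5:])) for r in rules]
            for c, rules in chains.items()}

def audit(chains):
    """Return (chain, rule_number, finding) tuples; rule numbers start at 1."""
    out = []
    for chain, rules in chains.items():
        for n, r in enumerate(rules, 1):
            wide = (r["prot"], r["src"], r["dst"]) == ("all", "anywhere", "anywhere")
            if wide and n < len(rules):
                out.append((chain, n, "matches everything; later rules unreachable "
                            "unless bound to an interface (check ipchains -L -v)"))
            svc = r["ports"].split("->")[-1].strip()
            if r["target"] == "ACCEPT" and r["src"] == "anywhere" and svc in CLEARTEXT:
                out.append((chain, n, f"cleartext login service '{svc}' open to anywhere"))
    return out

if __name__ == "__main__":
    print(*audit(parse(SAMPLE)), sep="\n")
```

A plain `ipchains -L` does not print the interface column, so a match-everything rule at the top of a chain may be restricted to one interface such as loopback; `ipchains -L -v` shows it.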