RE: [cobalt-users] [OT] Re: ipchains firewall blocking own c-class
- Subject: RE: [cobalt-users] [OT] Re: ipchains firewall blocking own c-class
- From: BSmith@xxxxxxxxxxx
- Date: Tue Feb 11 10:21:01 2003
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
-----Original Message-----
From: Bruce Timberlake
Subject: [cobalt-users] [OT] Re: ipchains firewall blocking own c-class
and so on. Remember it works from the top down, so the first rule the
packet matches is where it "exits"... so specifically allow anything
you _do_ want at the top, then start blocking stuff you don't want
after that.
- --
Bruce Timberlake
_____________________________________
Sorry, I am bound to do this ... just for what I actually do during
the course of a day.
I would actually BLOCK everything, and only allow in certain traffic!
Why?
There are 65,535 TCP ports and 65,535 UDP ports. That is just way too
many to want to have open! Especially with all of the kiddie scripters
these days.
So, using ipchains, this is what I do.
ipchains -F                           # flush all rules from every chain
ipchains -P input DENY                # default policy: anything no rule accepts is dropped
ipchains -P forward DENY
ipchains -P output DENY
ipchains -A input -i lo -j ACCEPT     # loopback traffic is always allowed
ipchains -A output -i lo -j ACCEPT
ipchains -A forward -i lo -j ACCEPT
ipchains -A input -i eth0 -j ACCEPT   # accepts everything arriving on eth0; first match wins,
                                      # so rules appended after this never see eth0 input
ipchains -A output -i eth0 -j ACCEPT  # accepts everything leaving via eth0
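The two points made in this thread, Bruce's "first rule the packet matches is where it exits" and the default-DENY-then-ACCEPT ordering in the reply above, can be checked without a 2.2 kernel. The following is an added example, not code from either poster or from the ipchains project: a small Python model of a chain with a policy (-P) and an ordered rule list (-A / -I), evaluated top-down with first-match semantics. The Packet and Rule fields are assumptions standing in for -i, -p, -s and a destination port; the addresses, ports and rulesets are constructed for illustration. It also includes a shadowed-rule check, which flags rules that can never fire because an earlier, broader rule catches every packet they would match.

```python
"""Toy model of ipchains first-match, top-down chain evaluation.

Added example, not from the mailing-list post. Field names (iface, proto,
dport, src) are assumptions modelling -i, -p, a destination port and -s.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    iface: str             # interface the packet arrives on (-i)
    proto: str             # "tcp", "udp" or "icmp" (-p)
    dport: Optional[int]   # destination port, None for icmp
    src: str               # source address as an exact string in this toy


@dataclass(frozen=True)
class Rule:
    target: str                    # "ACCEPT" or "DENY" (-j)
    iface: Optional[str] = None    # None means "any", like omitting -i
    proto: Optional[str] = None
    dport: Optional[int] = None
    src: Optional[str] = None

    def _pairs(self, other: "Rule"):
        return ((self.iface, other.iface), (self.proto, other.proto),
                (self.dport, other.dport), (self.src, other.src))

    def matches(self, pkt: Packet) -> bool:
        return ((self.iface is None or self.iface == pkt.iface)
                and (self.proto is None or self.proto == pkt.proto)
                and (self.dport is None or self.dport == pkt.dport)
                and (self.src is None or self.src == pkt.src))

    def covers(self, other: "Rule") -> bool:
        """True if every packet matching `other` would also match self."""
        return all(mine is None or mine == theirs
                   for mine, theirs in self._pairs(other))


@dataclass
class Chain:
    policy: str                        # ipchains -P <chain> ACCEPT|DENY
    rules: List[Rule] = field(default_factory=list)

    def append(self, rule: Rule) -> None:    # ipchains -A: add at the bottom
        self.rules.append(rule)

    def insert(self, rule: Rule) -> None:    # ipchains -I: add at the top
        self.rules.insert(0, rule)

    def verdict(self, pkt: Packet) -> Tuple[str, Optional[int]]:
        """Walk the chain from the top; the first matching rule decides.
        Returns (target, 0-based rule index); index None means the policy
        decided because no rule matched."""
        for i, rule in enumerate(self.rules):
            if rule.matches(pkt):
                return rule.target, i
        return self.policy, None

    def shadowed(self) -> List[int]:
        """Indices of rules that can never fire: an earlier rule covers them."""
        return [j for j, later in enumerate(self.rules)
                if any(earlier.covers(later) for earlier in self.rules[:j])]


# Constructed sample packets (documentation-range address, arbitrary ports).
SSH = Packet("eth0", "tcp", 22, "192.0.2.10")
TELNET = Packet("eth0", "tcp", 23, "192.0.2.10")
RANDOM_UDP = Packet("eth0", "udp", 12345, "192.0.2.10")
LOOPBACK = Packet("lo", "tcp", 3306, "127.0.0.1")


def default_deny_input() -> Chain:
    """Block everything, then allow only the services you run (hypothetical set)."""
    chain = Chain(policy="DENY")
    chain.append(Rule("ACCEPT", iface="lo"))
    chain.append(Rule("ACCEPT", iface="eth0", proto="tcp", dport=22))
    chain.append(Rule("ACCEPT", iface="eth0", proto="tcp", dport=80))
    return chain


def default_accept_input() -> Chain:
    """The opposite style: allow everything, deny the things you noticed."""
    chain = Chain(policy="ACCEPT")
    chain.append(Rule("DENY", iface="eth0", proto="tcp", dport=23))
    return chain


def accept_all_before_deny() -> Chain:
    """An interface-wide ACCEPT placed above a DENY makes the DENY unreachable."""
    chain = Chain(policy="DENY")
    chain.append(Rule("ACCEPT", iface="eth0"))
    chain.append(Rule("DENY", iface="eth0", proto="tcp", dport=23))
    return chain


if __name__ == "__main__":
    for name, chain in (("default-deny", default_deny_input()),
                        ("default-accept", default_accept_input()),
                        ("accept-all-first", accept_all_before_deny())):
        for pkt in (SSH, TELNET, RANDOM_UDP, LOOPBACK):
            print(name, pkt.iface, pkt.proto, pkt.dport, "->", chain.verdict(pkt))
        print(name, "shadowed rules:", chain.shadowed())
```

Running it shows the difference between the two styles: with a DENY policy the unsolicited UDP packet falls off the bottom of the chain and is dropped, while with an ACCEPT policy the same packet is admitted because no rule mentions it. The third chain is the order lesson: `shadowed()` reports the telnet DENY as unreachable, since the `-i eth0` ACCEPT above it already matches every eth0 packet.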