Hi,

> One machine I administer has this rule
>
> /sbin/ipchains -A input -j REJECT -i $HOTCARD -p tcp -s $ANYCIDR -d $HOTHOME ! 20:80 -v -y $LOGIT
>
> This allows incoming traffic that has the SYN flag on (i.e. incoming, trying
> to establish a new connection) to work only on ports 20 through 80.
> Even on a well-administered firewall, this kind of rule can protect you
> from accidentally installing something that exposes you to additional risk.
> And on a firewall which has software on it that your client insists on,
> it can really reduce your exposure!
Thanks for the advice! I tried to follow your command line and read the manpage, but I could not entirely find out which addresses I must use. I have an ethernet card (eth2) with address 10.0.0.150 connected to the ADSL modem. When the connection is established, I also get a new interface ppp0 with address 10.161.67.65. Is $HOTCARD ppp0 or eth2? Must I set $ANYCIDR to 0.0.0.0/0.0.0.0 and $HOTHOME to 10.161.67.65/255.255.255.0 or something else? Is there also a way to slow portscans down with this command?

Thanks,
Sebastiaan
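The following is an added example, not code from either poster: a small Python model of the quoted ipchains rule so that its effect can be checked offline before it goes on a real box. It evaluates "-i $HOTCARD -p tcp -s $ANYCIDR -d $HOTHOME ! 20:80 -y" against constructed packets and reports whether the rule would fire (REJECT) or let the packet fall through to later rules. The interface and address values in the sample run (ppp0, 10.161.67.65/32, 0.0.0.0/0) are constructed for illustration only, not an answer to the question above, and the model deliberately ignores the -v/$LOGIT logging options and the rest of the chain.

```python
# Added example (not from the original thread): a simulator for the rule
#   ipchains -A input -j REJECT -i $HOTCARD -p tcp -s $ANYCIDR -d $HOTHOME ! LOW:HIGH -y
# ipchains semantics modelled here:
#   -y        matches TCP packets with SYN set and ACK, FIN clear (new connections)
#   ! LOW:HIGH matches destination ports OUTSIDE LOW..HIGH
# Everything else (logging, other rules in the chain) is left out.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass
class Packet:
    iface: str          # interface the packet arrives on, e.g. "ppp0"
    proto: str          # "tcp", "udp", "icmp"
    src: str            # source IP
    dst: str            # destination IP
    dport: int          # destination port (0 for non-TCP/UDP)
    syn: bool = False
    ack: bool = False
    fin: bool = False


def render_rule(hotcard, anycidr, hothome, low=20, high=80):
    """Return the ipchains command line the variables expand to."""
    return (f"/sbin/ipchains -A input -j REJECT -i {hotcard} -p tcp "
            f"-s {anycidr} -d {hothome} ! {low}:{high} -y")


def rule_matches(pkt, hotcard, anycidr, hothome, low=20, high=80):
    """True if the quoted rule matches pkt (i.e. the packet would be REJECTed)."""
    if pkt.iface != hotcard or pkt.proto != "tcp":
        return False
    if ip_address(pkt.src) not in ip_network(anycidr, strict=False):
        return False
    if ip_address(pkt.dst) not in ip_network(hothome, strict=False):
        return False
    # -y: only pure connection requests (SYN without ACK/FIN)
    if not (pkt.syn and not pkt.ack and not pkt.fin):
        return False
    # "! low:high": destination port outside the permitted range
    return not (low <= pkt.dport <= high)


def verdict(pkt, hotcard, anycidr, hothome, low=20, high=80):
    """'REJECT' if the rule fires, otherwise 'CONTINUE' (next rule decides)."""
    return "REJECT" if rule_matches(pkt, hotcard, anycidr, hothome, low, high) else "CONTINUE"


if __name__ == "__main__":
    # Constructed values for illustration only (hypothetical, not advice)
    HOTCARD, ANYCIDR, HOTHOME = "ppp0", "0.0.0.0/0", "10.161.67.65/32"
    print(render_rule(HOTCARD, ANYCIDR, HOTHOME))
    samples = [
        Packet("ppp0", "tcp", "192.0.2.10", "10.161.67.65", 22, syn=True),
        Packet("ppp0", "tcp", "192.0.2.10", "10.161.67.65", 8080, syn=True),
        Packet("ppp0", "tcp", "192.0.2.10", "10.161.67.65", 8080, ack=True),
        Packet("eth2", "tcp", "10.0.0.1", "10.161.67.65", 8080, syn=True),
        Packet("ppp0", "udp", "192.0.2.10", "10.161.67.65", 8080),
    ]
    for p in samples:
        print(f"{p.iface:5} {p.proto:4} dport={p.dport:5} syn={p.syn!s:5} "
              f"-> {verdict(p, HOTCARD, ANYCIDR, HOTHOME)}")
```

Running it shows that only SYN-only TCP packets arriving on the "hot" interface to ports outside 20..80 are rejected; established-connection traffic (ACK set), other interfaces and non-TCP packets are untouched by this rule and are decided by whatever follows it in the chain.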