Matthew Micene wrote:
>
> On Mon, 11 Sep 2000, you wrote:
> <snip>
> > the XFS port listed in the pmfirewall.conf file
> > <snip>
>
> I am still trying to track down the actual UDP port it listens on but as
> far as I can tell, netstat -nlp shows port 1029 open but doesn't list
> which process has it open. lsof doesn't show xfs using UDP, but both show
> the unix socket in use by xfs. The xfs man pages talk about TCP port
> assignment and I can't find the source for the -udpPort 0 workaround I am
> playing with. That all said :) when xfs is started with -udpPort 0, udp
> port 1029 stops listening. *shrug*

The default XFS setup on Mandrake is 'unix/:-1' which means it uses unix domain sockets rather than TCP/UDP sockets. So there's no chance of someone not on the machine talking to xfs. If it has been changed on your machine, the XF86Config file is one place to look for the current setting.

> > <snip>
> > yesterday, and added to it all the ports for known trojans (linux, windows
> > and otherwise), one by freakin' one of them, and now have a list of ipchains
> > rules a mile and a half long!
> <snip>
> Nah, paranoid is having a listing that denies all traffic from the IANA
> reserved blocks properly listed and/or bitmasked so no one can use the
> reserved addresses (and not just the RFC 1918 ones either :) to spoof
> packets at my firewalls :) as well as the known trojan port list, a black
> hole list for known bad addresses.... *grin*

The simplest setting is to deny everything, then only permit things that you want to use.

As for denying RFC1918 addresses (10.x/8, 172.16.x/12 and 192.168.x/16), there is little point to doing this - no ISP carries routes for these addresses, so any return packets from such addresses will be lost. I think the only point of doing this would be to guard against blind attacks where the return packets are not necessary to the attack, but it's unlikely these would come from such addresses so it's better to guard against them in other ways.

It's best to have a separate firewall if you have a spare PC and ethernet cards - that way you can install a stripped down firewall such as those based on LRP (www.linuxrouter.org) or the new Smoothwall, www.smoothwall.org, which looks pretty good. Mandrake is not a very good choice for firewalls unless you have a spare Pentium or better; it's quite hard to get hold of the 486 Mandrake CD.

Richard
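An added example, not part of the original message: a small Python check for the point above about looking in XF86Config for the current setting. It reads `FontPath` lines and separates unix-socket font server entries such as 'unix/:-1' from entries that reach a font server over the network. The sample config, the host name `fonts.example.net` and the function names are constructed for illustration, and treating every non-`unix` transport as network-reachable is an assumption.

```python
import re

# Constructed sample of an XF86Config "Files" section (not from the original post).
SAMPLE_XF86CONFIG = '''
Section "Files"
    RgbPath  "/usr/X11R6/lib/X11/rgb"
    # FontPath "tcp/oldhost:7100"
    FontPath "unix/:-1"
    FontPath "tcp/fonts.example.net:7100"
    FontPath "/usr/X11R6/lib/X11/fonts/misc:unscaled"
EndSection
'''

# A FontPath directive that is not commented out.
FONTPATH_RE = re.compile(r'^\s*FontPath\s+"([^"]*)"', re.IGNORECASE)
# Font server entries have the form <transport>/<host>:<port>.
SERVER_RE = re.compile(r'^(?P<trans>[A-Za-z0-9]+)/(?P<host>[^:]*):(?P<port>-?\d+)$')


def classify_entry(entry):
    """Return (kind, entry), kind being 'local-socket', 'network' or 'directory'."""
    m = SERVER_RE.match(entry)
    if not m:
        return ("directory", entry)        # plain font directory on disk
    if m.group("trans").lower() == "unix":
        return ("local-socket", entry)     # unix domain socket, local clients only
    return ("network", entry)              # assumption: any other transport is network


def font_paths(config_text):
    """Classify every active FontPath entry in XF86Config text."""
    results = []
    for line in config_text.splitlines():
        m = FONTPATH_RE.match(line)
        if not m:
            continue
        for entry in m.group(1).split(","):  # one directive may list several entries
            entry = entry.strip()
            if entry:
                results.append(classify_entry(entry))
    return results


def network_font_servers(config_text):
    """Entries that make the X server talk to a font server over the network."""
    return [entry for kind, entry in font_paths(config_text) if kind == "network"]


if __name__ == "__main__":
    for kind, entry in font_paths(SAMPLE_XF86CONFIG):
        print(f"{kind:13} {entry}")
```

This only shows how the X server is told to reach the font server; what xfs itself listens on still has to be confirmed on the host with netstat or lsof.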