On Saturday 27 October 2001 07:32 pm, you wrote:
> At 06:37 PM 10/27/2001 -0600, Sergio Korlowsky wrote:
> > Internet Protocols (UDP)
> > connectionless
> >
> >Short for 'User Datagram Protocol', a connectionless protocol that, like
> > TCP, runs on top of IP networks. Unlike TCP/IP, UDP/IP provides very few
> > error recovery services, offering instead a direct way to send and
> > receive datagrams over an IP network. It's used primarily for
> > broadcasting messages over a network
>
> OK, so how can I use Bastille to block those ports from the outside/public
> side/internet side?
> I wish I had more time to learn how to manually do this.
--------------------------------------------------------------
Actually, you can 'block' everything you want to block just using iptables;
one simple 'chain' line can make you 'invisible' from outside.

Then you can add the ports you want to open, or need to open.
The best rule for a personal or desktop firewall is: "If you aren't going to 
use it, don't open it."

The command to execute iptables is simple: as root type iptables.
/sbin/iptables
iptables v1.2.1: no command specified
Try `iptables -h' or 'iptables --help' for more information.

The quickest way to protect your PC is with the following iptables chain:

/sbin/iptables -A INPUT -p tcp --syn -j DROP

The previous rule will allow you, as the user of the computer, to perform
all your normal Internet activities. You will be able to browse the Web, ssh
out, or chat with a friend on ICQ. On the other hand, the outside world,
when trying to connect to your Linux box via TCP/IP, will simply be ignored.
This is a reasonable and 'safe' solution for most Linux computers.

However, one of the benefits of Linux is its remote management capabilities.
One of the more popular ways is SSH, which operates on port 22, so you need 
to enable port 22 while keeping the rest of the connections closed.

/sbin/iptables -A INPUT -p tcp --syn --destination-port 22 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --syn -j DROP

It is probably not a good idea to let the world connect to your machine on 
port 22. Therefore, you can limit which machines may connect to port 22 by 
adding the -s option.

/sbin/iptables -A INPUT -p tcp --syn -s 192.168.1.110/32 --destination-port 22 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --syn -j DROP

The -s 192.168.1.110/32 will enable only the remote machine with
the IP address of 192.168.1.110 to connect to your protected host.

You may create an iptables-based firewall, but each line (chain) is read 
sequentially, so if you want to run a public Web server on port 80, 
this could be done with the following commands:

/sbin/iptables -A INPUT -p tcp --syn -s 192.168.1.110/32 --destination-port 22 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --syn --destination-port 80 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --syn -j DROP

A few days ago, I read an article... can't recall where, by Joshua Drake, 
and he explains this in more detail.


Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com
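The rule sets from the message above, collected into one script as an added example (this is not code from the original poster). The point it makes explicit is the ordering: the INPUT chain is read top to bottom and the first match wins, so every ACCEPT line has to come before the final DROP. It also goes one step beyond the message to answer the original UDP question: unsolicited UDP is dropped as well, while replies to traffic this host started (DNS answers, for example) are let back in with the iptables "state" match. The SSH_FROM and WEB settings are hypothetical, and an iptables 1.2.x build with the state match is assumed.

```shell
#!/bin/sh
# Added example, not from the original post: the ordered iptables rule set
# as a script. First match wins, so ACCEPT lines precede the final DROPs.
# Assumptions (not from the page): SSH_FROM and WEB are hypothetical
# settings; iptables 1.2.x with the "state" match is available.

IPT=/sbin/iptables

SSH_FROM=192.168.1.110/32   # only this host may reach port 22
WEB=yes                     # "no" closes port 80 again

# build_rules prints the rules in the order they must be applied.
build_rules() {
    ssh_from=$1
    web=$2
    # Start from an empty INPUT chain so re-running does not stack duplicates.
    echo "$IPT -F INPUT"
    # Local processes talking to each other over the loopback interface.
    echo "$IPT -A INPUT -i lo -j ACCEPT"
    # Packets belonging to connections this host opened (TCP and UDP alike).
    echo "$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # SSH, but only from the one allowed address.
    echo "$IPT -A INPUT -p tcp --syn -s $ssh_from --destination-port 22 -j ACCEPT"
    # Public web server, optional.
    if [ "$web" = yes ]; then
        echo "$IPT -A INPUT -p tcp --syn --destination-port 80 -j ACCEPT"
    fi
    # Everything else: new TCP connections and unsolicited UDP are ignored.
    echo "$IPT -A INPUT -p tcp --syn -j DROP"
    echo "$IPT -A INPUT -p udp -j DROP"
}

# Default is a dry run that only shows the commands; pass --apply as root
# to execute them.
case "$1" in
    --apply) build_rules "$SSH_FROM" "$WEB" | sh ;;
    *)       build_rules "$SSH_FROM" "$WEB" ;;
esac
```

Run it once without arguments to read the rules it would install, then `./firewall.sh --apply` as root. Because the script flushes INPUT first, it can be re-run after editing SSH_FROM or WEB without leaving stale lines in the chain.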
