Jaffar the Prince wrote:
> 
> hi
> 
> can anyone tell what this is supposed to do
> 
> ipfwadm -Ia deny -P icmp -S 0.0.0.0
> ipfwadm -Ia reject -P icmp -S 0.0.0.0
> 
> ?
> because i expect it to refuse ALL icmp requests... but still:
> 
> 64 bytes from x.x.x.x: icmp_seq=0 ttl=32 time=0.6 ms
> 
> i am running redhat 5.2.

The best way to design a filter like ipfwadm is to begin by denying all
services (ipfwadm is something like 'ipfwadm -I -p deny'). Then permit
only explicit ports like port 80 to IP address 1.2.3.4 (something like
this):

ipfwadm -I -a accept -b -P tcp -S 0.0.0.0/0 1024:65535 -D 1.2.3.4 80

Then on the Linux filtering box I'd add TCP Wrappers to block all ports
on the inside interface except appropriate ones. And make sure ALL
unnecessary services are off (including telnet... use ssh instead).
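An added example, not part of the original messages: a small Python model of the filtering logic discussed in this thread, comparing the rule from the question with a default-deny chain that permits only port 80 to 1.2.3.4. It assumes first-match-wins evaluation, that a bare address such as 0.0.0.0 is treated as a single host (/32), and that the questioner's input chain had a default policy of accept; the Rule class, decide() function and the 10.0.0.5 sample traffic are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

@dataclass
class Rule:
    action: str                            # "accept" or "deny"
    proto: str                             # "tcp", "udp" or "icmp"
    src: str                               # bare address is taken as /32 (assumption)
    dst: str = "0.0.0.0/0"
    sports: Tuple[int, int] = (0, 65535)   # inclusive source-port range
    dport: Optional[int] = None            # None matches any destination port

    def matches(self, proto, src, dst, sport, dport):
        if self.proto != proto:
            return False
        if ip_address(src) not in ip_network(self.src):
            return False
        if ip_address(dst) not in ip_network(self.dst):
            return False
        if proto == "icmp":                # ICMP has no ports in this model
            return True
        in_range = self.sports[0] <= sport <= self.sports[1]
        return in_range and self.dport in (None, dport)

def decide(rules, policy, proto, src, dst, sport=0, dport=0):
    """Return the action of the first matching rule, else the default policy."""
    for rule in rules:
        if rule.matches(proto, src, dst, sport, dport):
            return rule.action
    return policy

# Constructed sample traffic: a ping from 10.0.0.5 to 1.2.3.4.
PING = ("icmp", "10.0.0.5", "1.2.3.4")

# The rule from the question: source 0.0.0.0 with no mask, default policy accept.
asked = [Rule("deny", "icmp", "0.0.0.0")]
# The same rule with an explicit /0 mask, which covers every source address.
masked = [Rule("deny", "icmp", "0.0.0.0/0")]
# The reply's design: default deny, one explicit permit for 1.2.3.4 port 80.
default_deny = [Rule("accept", "tcp", "0.0.0.0/0", "1.2.3.4", (1024, 65535), 80)]

if __name__ == "__main__":
    print("question rule  :", decide(asked, "accept", *PING))
    print("with /0 mask   :", decide(masked, "accept", *PING))
    print("web, port 80   :", decide(default_deny, "deny", "tcp", "10.0.0.5", "1.2.3.4", 40000, 80))
    print("telnet, port 23:", decide(default_deny, "deny", "tcp", "10.0.0.5", "1.2.3.4", 40000, 23))
    print("ping           :", decide(default_deny, "deny", *PING))
```

In this model the unmasked rule never matches the ping, so the packet falls through to the accept policy, while the default-deny chain drops everything that is not explicitly permitted.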