My employer tasked me with setting up an IPChains firewall for our site. Following many of the recommendations from others on this site, I have tried to be very restrictive with regard to ingress and egress filtering. Currently, I have denied all inbound SYN connections on the external interface with the ! -y option; however, I had to allow in all traffic that was not flagged with a SYN so that the Apache proxy I have set up would work. This appears to stop TCP scans, but it will not stop scans that do not use a SYN to connect to the external interface. For example, last evening I saw some weird FP-flagged connections from source port https to port 1900 on my external interface. This was not disallowed by my system, and my system responded with an ICMP unreachable to some other address. Is there a way to DENY inbound connections with flags other than SYN if they did not originate from my system? Thanks in advance for the help.

Darich

[To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
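An added illustration, not part of the original post: a small Python model of why a stateless "deny inbound -y, accept everything else" rule admits the FIN/PSH packet described above, and what a filter that remembers connections opened from inside would do with the same traffic. The addresses, ports and packets are constructed; ipchains itself has no such connection table, so this models the check being asked about rather than any ipchains option.

```python
# Toy model of two inbound-filtering strategies. Addresses are constructed
# values from the RFC 5737 documentation ranges, not real hosts.
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str      # "in" (arrives on the external interface) or "out"
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset    # e.g. frozenset({"SYN"}) or frozenset({"FIN", "PSH"})

def is_syn(flags):
    # What ipchains -y matches: SYN set with ACK and FIN clear (a new-connection request)
    return "SYN" in flags and not (flags & {"ACK", "FIN"})

def stateless_decide(pkt):
    """Model of 'deny inbound -y, accept everything else' on the external interface."""
    if pkt.direction == "in" and is_syn(pkt.flags):
        return "DENY"
    return "ACCEPT"   # any non-SYN packet passes, solicited or not

class StatefulFilter:
    """Admits inbound non-SYN packets only if they answer a connection opened from inside."""
    def __init__(self):
        self.opened = set()   # (local_ip, local_port, remote_ip, remote_port)

    def decide(self, pkt):
        if pkt.direction == "out":
            if is_syn(pkt.flags):
                self.opened.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "ACCEPT"
        if is_syn(pkt.flags):
            return "DENY"
        # An inbound reply's dst/dport is our local side, so reverse the tuple
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.opened:
            return "ACCEPT"
        return "DENY"     # stray FIN/PSH, ACK or RST that nothing inside solicited

# Constructed traffic: an unsolicited FIN+PSH packet like the one in the post,
# then a legitimate outbound connection and its SYN+ACK reply.
PROBE = Packet("in", "198.51.100.7", 443, "203.0.113.5", 1900, frozenset({"FIN", "PSH"}))
OUTBOUND = Packet("out", "203.0.113.5", 40123, "198.51.100.9", 80, frozenset({"SYN"}))
REPLY = Packet("in", "198.51.100.9", 80, "203.0.113.5", 40123, frozenset({"SYN", "ACK"}))

def run_both():
    sf = StatefulFilter()
    stateful = [sf.decide(p) for p in (PROBE, OUTBOUND, REPLY)]
    stateless = [stateless_decide(p) for p in (PROBE, OUTBOUND, REPLY)]
    return {"stateless": stateless, "stateful": stateful}
```

The stateless model lets the FIN/PSH packet through while the stateful one drops it, and both still admit the SYN+ACK that answers the connection opened from inside.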
