Hi Chris, hi all

If you want to block incoming connections above 1024 but don't want to block
them at all, use the -y flag of IPCHAINS.

example:
ipchains -I input -j DENY -p tcp -s 0/0 -d $EXTERNAL_IP 1024: -i $EXTERNAL_IF -y -l

This will DENY every packet which tries to initiate a connection on ports
above 1024. All other packets will be accepted (as it is now).
Please note that active FTP for example (use passive FTP instead) will not
work anymore. Perhaps other special applications will not work, but I used
this rule for several months and didn't notice any problems, even with the
following apps: Napster, Half-Life (Counterstrike), ICQ

If you want to learn more about the -y flag, please read the section
"Specifying TCP SYN Packets Only" on
http://www.linuxdoc.org/HOWTO/IPCHAINS-HOWTO-4.html


---
Sandro Minola           | LEAF Developer (http://leaf.sourceforge.net)
mailto:[EMAIL PROTECTED] | mailto:[EMAIL PROTECTED]
http://www.minola.ch    | http://leaf.sourceforge.net/devel/sminola

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On Behalf Of Christopher Holmes
> Sent: Monday, February 25, 2002 3:52 AM
> To: [EMAIL PROTECTED]
> Subject: [Leaf-user] Morpheus?
>
>
> Anyone know if it's possible to set up a firewall (Dachstein) to safely use
> Morpheus?  Do I need to open a port or something?  I searched around on the
> web & surprisingly didn't find much.
>
> Chris
>
>
>
> _______________________________________________
> Leaf-user mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/leaf-user
>
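
The rule from the reply above, modelled in Python as an added example (not part of the original post and not ipchains code), to show which packets it denies and why active FTP stops working. The addresses, ports and sample packets are constructed, and "-y" is modelled under the assumption that it means SYN set with ACK cleared.

```python
from dataclasses import dataclass

EXTERNAL_IP = "192.0.2.10"  # constructed stand-in for $EXTERNAL_IP
EXTERNAL_IF = "eth0"        # constructed stand-in for $EXTERNAL_IF

@dataclass(frozen=True)
class Packet:
    iface: str
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags present, e.g. frozenset({"SYN", "ACK"})

def is_connection_request(p):
    # Assumption: "-y" modelled as SYN set and ACK cleared (a connection attempt).
    return "SYN" in p.flags and "ACK" not in p.flags

def input_verdict(p):
    """Model of: -p tcp -s 0/0 -d $EXTERNAL_IP 1024: -i $EXTERNAL_IF -y -j DENY"""
    if (p.proto == "tcp" and p.iface == EXTERNAL_IF
            and p.dst == EXTERNAL_IP and 1024 <= p.dport <= 65535
            and is_connection_request(p)):
        return "DENY"
    return "ACCEPT"  # every packet the rule does not match is accepted

def pkt(src, sport, dport, *flags, proto="tcp"):
    # Helper for building constructed inbound packets on the external interface.
    return Packet(EXTERNAL_IF, proto, src, sport, EXTERNAL_IP, dport, frozenset(flags))

SAMPLES = {
    "inbound connect to a high port": pkt("198.51.100.7", 40000, 5000, "SYN"),
    "SYN/ACK answering our outbound connect": pkt("198.51.100.7", 80, 33000, "SYN", "ACK"),
    "data on an established connection": pkt("198.51.100.7", 80, 33000, "ACK", "PSH"),
    "active FTP: server connects back from port 20": pkt("203.0.113.5", 20, 33001, "SYN"),
    "passive FTP: reply on our outbound data connect": pkt("203.0.113.5", 50000, 33002, "SYN", "ACK"),
    "inbound connect to a low port (outside 1024:)": pkt("198.51.100.7", 40001, 22, "SYN"),
    "UDP to a high port (rule is -p tcp only)": pkt("198.51.100.7", 27015, 27005, proto="udp"),
}

def run_samples():
    return {name: input_verdict(p) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{verdict:6}  {name}")
```

The low-port and UDP cases come back as ACCEPT only because this one rule does not match them; what finally happens to them depends on the rest of the input chain.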

