Ok, so recently Glynn made a comment about using the -b switch in ipfwadm
(which also applies to ipchains). So, with an open mind I reviewed my
firewall rules.
And I noticed something :). Consider this example:
ipchains -A input -j ACCEPT -i ppp+ -s 0/0 domain -p udp
My philosophy behind this is since udp is connectionless, I can't use the
'! -y' notation (SYN cleared, ACK |& FIN set) to allow replies back into
my localnet, I have to allow for the following:
local machine sends DNS request via udp from a random port to port 53 on
an outside DNS server (no firewall rules apply, I have very few output
chain rules).
outside DNS server sends a reply back from port 53 to
localhost:randomport (the above rule would allow this to happen)
Now, the problem I see is that suddenly, ANY udp port locally is now
accessible as long as it originates from port 53 on the outside. This is a
massive security hole as far as I'm concerned.
What can be done about this? Suggestions? Comments? ... Glynn? :)
G'day!
-- n i c h o l a s j l e o n
/ elegance through simplicity /
/ good fortune through truth / http://mrnick.binary9.net
/ not all questions have answers / mailto:[EMAIL PROTECTED]
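To make the hole concrete, here is an added Python model of ipchains-style first-match filtering (not code from the post or from ipchains itself); it evaluates the rule quoted above beside a tightened one that accepts port-53 replies only from the resolver actually queried and only to unprivileged local ports. The resolver address 192.0.2.53, the localnet 10.0.0.0/24 and the sample packets are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    iface: str = "ppp0"

@dataclass(frozen=True)
class Rule:
    """An ipchains-style input rule; port fields are inclusive (low, high) ranges."""
    target: str
    proto: str
    src: str              # CIDR; the post's "0/0" is written out as "0.0.0.0/0"
    sports: tuple
    dst: str
    dports: tuple
    iface: str = "ppp+"   # trailing '+' is the ipchains interface wildcard

    def matches(self, p: Packet) -> bool:
        iface_ok = (p.iface.startswith(self.iface[:-1]) if self.iface.endswith("+")
                    else p.iface == self.iface)
        return (iface_ok and self.proto == p.proto
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.sports[0] <= p.sport <= self.sports[1]
                and self.dports[0] <= p.dport <= self.dports[1])

def verdict(rules, p: Packet, policy: str = "DENY") -> str:
    """First matching rule wins, as in ipchains; otherwise the chain policy applies."""
    for r in rules:
        if r.matches(p):
            return r.target
    return policy

# The rule from the post:  ipchains -A input -j ACCEPT -i ppp+ -s 0/0 domain -p udp
LOOSE = [Rule("ACCEPT", "udp", "0.0.0.0/0", (53, 53), "0.0.0.0/0", (0, 65535))]

# Tightened: only replies from the resolver we actually query (constructed address
# 192.0.2.53) to our localnet (constructed 10.0.0.0/24), and only to unprivileged ports.
TIGHT = [Rule("ACCEPT", "udp", "192.0.2.53/32", (53, 53), "10.0.0.0/24", (1024, 65535))]

# Constructed sample traffic: a genuine DNS reply, and a port-53-sourced packet aimed
# at a local UDP service (sunrpc on 111) that the loose rule lets straight through.
REPLY = Packet("udp", "192.0.2.53", 53, "10.0.0.5", 40000)
PROBE = Packet("udp", "198.51.100.7", 53, "10.0.0.5", 111)
```

The tightened rule is still stateless: a datagram carrying the resolver's address and source port 53 can still reach any unprivileged local UDP port, so it narrows the exposure rather than removing it, and a filter that tracks outbound queries is what actually closes it.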