DENY tcp ----l- 0xFF 0x00 eth1 0.0.0.0/0 24.182.146.18 * -> 1:1023
rule protocol log Who knows NIC any ip my ip from any port to your ports
Translation:
Deny tcp packets, logging them, Huh??, on my eth1, from any ip on the planet to
the ip address of the NIC of my router (which connects to the internet),
from any port to my ports 1 to 1023.
IPs are in dotted-quad format, with a netmask if needed.
0.0.0.0 is host 0.0.0.0, but 0.0.0.0/0 is any IP.
127.0.0.0/24 is the local host.
Firewalls are simple once you have the few rules figured out. Here is a
simple rule from my firewall. It denies all requests from any host to my
internet facing NIC to access the ports from 1 to 1023. (These are the
privileged ports on which various services, like ftp, telnet, printing, and
others, listen for requests for service.) You likely didn't know that port
515 (the port for printing local or network files) is ripe for exploitation.
You are at a crucial stage. If you don't learn this simple stuff, you will
be like those poor souls in Shakespeare, who, not catching the tide at its
flood, will wallow in the shallows, etc., at least as far as security goes.
For your own good, and for the good of your security, firewalls are way too
important to leave to magic security scripts.
You should know which other ports you have to protect, like 6000 (your X server)
and make sure to prevent unwanted people from attaching to such services.
I just edit my firewall using vi. It is so simple that way.
ipchains-save > file
Edit the file
ipchains -F; cat file | ipchains-restore -f
Piece of cake.
Buy a book or read about firewalls. You have been warned.
In addition, if you want to arrange ipmasq or use nonstandard ports for
services (Say, to disguise your web page from your ISP which bans such
things), knowing about firewalls is essential.
Joel
_______________________________________________
http://linux.nf -- [EMAIL PROTECTED]
Archives, Subscribe, Unsubscribe, Digest, Etc
->http://linux.nf/mailman/listinfo/linux-users
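As an added example (not from Joel's post or the list), the Python below decodes listing lines in the column layout shown at the top of the post (target, protocol, opt flags, tosa, tosx, interface, source, destination, sport -> dport; that exact column order is an assumption) and then checks which of the ports the post says to protect (1 to 1023, and 6000 for the X server) still lack a DENY from 0.0.0.0/0 on the internet-facing NIC. The sample listing and the port list are constructed.

```python
"""Decode ipchains listing lines in the layout shown in the post
(target prot opt tosa tosx ifname source destination sport -> dport) and
report which ports are not denied from anywhere on the internet-facing NIC."""

ANY_NET = "0.0.0.0/0"


def port_range(spec):
    """'*' means any port, '515' a single port, '1:1023' an inclusive range."""
    if spec == "*":
        return (0, 65535)
    lo, _, hi = spec.partition(":")
    return (int(lo), int(hi or lo))


def parse_rule(line):
    """Return a dict for one rule line, or None for chain headers and column
    titles. Leading packet/byte counters (ipchains -L -v) are skipped if
    present (assumption: two numeric columns before the target)."""
    f = line.split()
    if "->" not in f:
        return None
    if f[0][0].isdigit():
        f = f[2:]
    i = f.index("->")
    return {"target": f[0], "proto": f[1], "log": "l" in f[2], "iface": f[5],
            "src": f[i - 3], "dst": f[i - 2], "sport": f[i - 1], "dport": f[i + 1]}


def load_rules(listing):
    return [r for r in map(parse_rule, listing.splitlines()) if r]


def unprotected_ports(rules, iface, ports):
    """Ports in `ports` that no DENY/REJECT tcp rule on `iface` covers from any
    source. This is a coverage check only: ipchains uses the first matching
    rule, so an ACCEPT placed before a DENY would still win."""
    exposed = []
    for p in ports:
        for r in rules:
            blocks = (r["target"] in ("DENY", "REJECT") and r["proto"] in ("tcp", "all")
                      and r["iface"] in (iface, "*") and r["src"] == ANY_NET)
            lo, hi = port_range(r["dport"])
            if blocks and lo <= p <= hi:
                break
        else:
            exposed.append(p)
    return exposed


# Constructed sample: the post's rule plus header lines of the kind ipchains -L prints.
SAMPLE = """\
Chain input (policy ACCEPT):
target prot opt    tosa tosx ifname source    destination   ports
DENY   tcp  ----l- 0xFF 0x00 eth1   0.0.0.0/0 24.182.146.18 * -> 1:1023
"""

if __name__ == "__main__":
    print("still reachable on eth1:", unprotected_ports(load_rules(SAMPLE), "eth1", [22, 515, 6000]))
```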