On Wed, Mar 27, 2002 at 01:43:18PM -0300, walruz wrote:
> I'm new to the list so perhaps (almost surely) you have answered this
> question. I made a script for iptables in order to let go through the
> firewall only packets to some specified ports (ftp, ssh and smtp). It works
> fine for me and I even set up a VPN to another small LAN behind the
> firewall.. but I found myself with a problem when I try to portscan
> outside.. all returning packets (I can see they are from active services
> ports) drop because they try to reach my machine at many different (high and
> non-high) tcp ports. Is there a way to tell the firewall to allow these
> packets? Any TOS or any other flag to identify the packet and then accept
> it? Any rtfm would be appreciated too! ;)

Use the REJECT target, and add rules at the end of your input chain
similar to this:

    iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset
    iptables -A INPUT -p udp -j REJECT --reject-with port-unreach
    iptables -A INPUT -j REJECT --reject-with proto-unreach

-- 
Derrik Pates      |   Sysadmin, Douglas School   |    #linuxOS on EFnet
[EMAIL PROTECTED] |     District (dsdk12.net)    |    #linuxOS on OPN
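Added example, not Derrik's rules or walruz's script: a shell script that assembles the INPUT chain this exchange describes, with ACCEPT rules for ftp/ssh/smtp (assumed from the question) followed by the three terminal REJECT rules from the reply. The loopback ACCEPT, the `IPT` override for previewing, and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: builds the INPUT chain described in the thread. The ACCEPT
# rules for ftp/ssh/smtp are assumed from the question; the three catch-all
# REJECT rules are the ones from the reply. Set IPT=echo to preview the
# rules without touching the running firewall (assumed convenience).
IPT="${IPT:-iptables}"

# Emit the INPUT chain rules in order: specific ACCEPTs first, then the
# catch-all REJECTs, which must stay last or they would shadow the ACCEPTs.
input_chain_rules() {
    # Assumed: loopback traffic is trusted.
    echo "-A INPUT -i lo -j ACCEPT"
    # Services the original poster lets through (ftp, ssh, smtp).
    for port in 21 22 25; do
        echo "-A INPUT -p tcp --dport $port -j ACCEPT"
    done
    # Terminal rules from the reply: answer everything else with an explicit
    # refusal (RST / ICMP unreachable) instead of silently dropping it.
    echo "-A INPUT -p tcp -j REJECT --reject-with tcp-reset"
    echo "-A INPUT -p udp -j REJECT --reject-with port-unreach"
    echo "-A INPUT -j REJECT --reject-with proto-unreach"
}

# Apply the rules with $IPT, flushing INPUT first so reruns are idempotent.
apply_input_chain() {
    $IPT -F INPUT || return 1
    input_chain_rules | while IFS= read -r rule; do
        # shellcheck disable=SC2086  (word splitting of the rule is intended)
        $IPT $rule || exit 1
    done
}

# Sanity check on the generated ruleset: the last rule must be the
# protocol-independent REJECT, so nothing falls through to the chain policy.
last_rule_is_catch_all() {
    [ "$(input_chain_rules | tail -n 1)" = "-A INPUT -j REJECT --reject-with proto-unreach" ]
}
```

Run it as root to apply, or as `IPT=echo sh script.sh` (after adding a call to `apply_input_chain`) to see the exact commands it would issue.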
