Wed, 2002-04-24 at 19:45, doggy wrote:

Disregarding NAT:

> #6665
> iptables -A FORWARD --in-interface eth0 --out-interface ppp0 --protocol tcp \
>     --source $LAN --destination ! $LAN --sport $HIGHPORTS --dport 6665 -j ACCEPT
>
> # Do I really need this rule??
> # Or can an attacker get into my LAN with this rule, using source port 6665?
> iptables -A FORWARD --in-interface ppp0 --out-interface eth0 --protocol tcp \
>     --source ! $LAN --destination $LAN --sport 6665 --dport $HIGHPORTS -j ACCEPT

He most definitely can. You would combat this with: out uses "-m state --state NEW etc." and in uses "-m state --state ESTABLISHED etc.". For in to fresh UP ports, you would use "-m state --state ESTABLISHED,RELATED etc.".

Tony

--
Tony Earnshaw

e-post:         [EMAIL PROTECTED]
www:            http://www.billy.demon.nl
gpg public key: http://www.billy.demon.nl/tonni.armor

Telefoon:       (+31) (0)172 530428
Mobiel:         (+31) (0)6 51153356

GPG Fingerprint = 3924 6BF8 A755 DE1A 4AD6 FA2B F7D7 6051 3BE7 B981
3BE7B981
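The point of the reply is that a port-only inbound rule is satisfied by any packet whose sender chose source port 6665, so it must be replaced by a conntrack state match. The script below is an added example and is not part of the original thread: it shows the quoted pair in its weak form next to a stateful replacement written the way Tony describes (NEW on the way out, ESTABLISHED,RELATED on the way in), plus a small audit helper that flags inbound ACCEPT rules with no state match. It assumes eth0 faces the LAN, ppp0 faces the Internet, and that LAN and HIGHPORTS mean what they did in the quoted rules; the default values for them and the modern `! -d` negation syntax are assumptions. By default it only prints the commands; APPLY=1 runs them as root.

```shell
#!/bin/sh
# Added example, not from the original mail: the two quoted tcp/6665 FORWARD
# rules in their weak form next to a stateful replacement, plus an audit
# helper. Assumed: eth0 faces the LAN, ppp0 faces the Internet, and LAN /
# HIGHPORTS carry the same meaning as in the quoted rules.
LAN="${LAN:-192.168.1.0/24}"         # assumed LAN prefix; substitute yours
HIGHPORTS="${HIGHPORTS:-1024:65535}" # unprivileged client ports

# Dry run by default: print each command. APPLY=1 executes it (needs root).
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# Weak pair, as quoted. The second rule accepts any TCP packet from the
# Internet to any high port on the LAN provided its source port is 6665,
# and the sender picks the source port, so it is no protection at all.
weak_rules() {
    run iptables -A FORWARD -i eth0 -o ppp0 -p tcp -s "$LAN" ! -d "$LAN" \
        --sport "$HIGHPORTS" --dport 6665 -j ACCEPT
    run iptables -A FORWARD -i ppp0 -o eth0 -p tcp ! -s "$LAN" -d "$LAN" \
        --sport 6665 --dport "$HIGHPORTS" -j ACCEPT
}

# Stateful pair. Outbound: the port match decides which connections the LAN
# may open (NEW); later packets of those connections (ESTABLISHED) pass too.
# Inbound: no port match at all. A packet passes only if conntrack already
# knows the connection the LAN initiated (ESTABLISHED), or one that a
# conntrack helper such as ip_conntrack_irc has tied to it (RELATED).
stateful_rules() {
    run iptables -A FORWARD -i eth0 -o ppp0 -p tcp -s "$LAN" ! -d "$LAN" \
        --sport "$HIGHPORTS" --dport 6665 -m state --state NEW,ESTABLISHED -j ACCEPT
    run iptables -A FORWARD -i ppp0 -o eth0 -p tcp ! -s "$LAN" -d "$LAN" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Audit helper: from a list of rule commands on stdin, print the inbound
# (ppp0 -> eth0) ACCEPT rules that carry no state match, i.e. rules that a
# packet with a forged source port can satisfy.
unsolicited_accepts() {
    grep -e '-i ppp0' | grep -e '-j ACCEPT' | grep -v -e '--state'
}

# Number of such rules in the ruleset produced by the named function;
# 0 means every inbound accept is gated by conntrack.
count_unsolicited() {
    "$1" | unsolicited_accepts | wc -l | tr -d ' '
}

if [ "${APPLY:-0}" != 1 ]; then
    echo "# weak ruleset: $(count_unsolicited weak_rules) unsolicited inbound accept(s)"
    echo "# stateful ruleset: $(count_unsolicited stateful_rules) unsolicited inbound accept(s)"
fi
```

Run without arguments to see both rulesets and the audit counts; pipe the output of `iptables-save` style listings through `unsolicited_accepts` only after adapting the interface names, since the helper matches on the literal `-i ppp0` used here.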