On Thursday 05 April 2001 01:08 pm, you wrote:
> On Thursday 05 April 2001 03:11 am, you wrote:
> > I don't think anything commonly "runs" on these ports.  I am also using
> > pmfirewall and found 1024 to be left open by it, so I just put an entry
> > in its config file to close it.  The test I ran only goes up to 1024,
> > maybe I'll add one for 1025 too.  :)
> > vi /usr/local/pmfirewall/pmfirewall.rules.local
> > and copy one of the rules and change the port number like so:
> > $IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 1024 -j DENY -l
> > It seems to work for me.
> > -s
>
> Yes it works, but I found out that ICQ was opening those ports. So now I
> can't connect to ICQ with those ports blocked. Is having those ports open
> for ICQ a problem?
>
> The port tester page I use is:
>
> http://www.mycgiserver.com/~kalish/

Having even one port open is a problem in that it tells anyone who is 
scanning the net looking for open machines that there is a responding machine 
there.  So, to me, having 100 open ports is no worse than one.  Even if 
you're on a dial-up, your IP address will stay within a range easily scanned
by these port scanners.  But you must be able to use your software of choice
or why bother with the internet at all.  So, you may have to look into
ipchains.  There is documentation on your machine installed by Mandrake on the
subject and it's all over the internet.  Do a Google search.  Now you
shouldn't have to build an entire ipchains script.  PMFirewall uses ipchains,
so if you could find enough info to word a rule to allow ICQ to connect,
probably much the same way RealPlayer or Napster needs to be set up, you
could add it into your pmfirewall rules.  That's what I'd do.
-s
