Tom Eastep wrote:
> Joerg Mertin wrote:
>
>> Now - Is there a specific reason why you actually lock/blacklist the
>> following ports ?
>>
>> - udp 1024:1033,1434
>> - tcp 57,1433,1434,2401,2745,3127,3306,3410,4899,5554,6101,8081,9898
>>
>> These should IMHO be blocked by the outside world already through the
>> default policies. Or has it rather something to do with making sure no
>> requests go from the Laptop to the outside world through these ports ?
>
> Probes on those ports are very common. By blacklisting them (with
> BLACKLIST_LOG_LEVEL=""), I avoid the log clutter that would otherwise
> result.
I should add that it would be more efficient to place equivalent DROP rules
at the bottom of the rules file.
DROP net fw udp 1024:1033,1434
DROP net fw tcp \
57,1433,1434,2401,2745,3127,3306,3410,4899,5554,6101,8081,9898
If I did that, a restart would be required to update the port list. I got in
the habit of using the blacklist file because I could update the list of
ports using a "shorewall refresh" which has traditionally been much faster
than "shorewall restart".
With Shorewall-perl, "refresh" and "restart" take almost the same amount of
time on my systems so I really should move these into the rules file.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
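[Editor's added example, not part of Tom's message or of the Shorewall distribution: the two ways of expressing the same silent DROP that the thread discusses, side by side. Column layout and file paths follow the Shorewall 4.x layout as I recall it (/etc/shorewall/rules, /etc/shorewall/blacklist, /etc/shorewall/interfaces, /etc/shorewall/shorewall.conf); the interface name eth0 is an assumption. Check with "shorewall check" before applying, and remember that only the blacklist-file form is picked up by "shorewall refresh", the rules-file form needs "shorewall restart".]

```conf
# --- Form 1: rules file, /etc/shorewall/rules -------------------------
# Place at the bottom of the file so ordinary ACCEPT rules above still
# match first. Changes here require "shorewall restart".
#ACTION  SOURCE  DEST  PROTO  DEST PORT(S)
DROP     net     fw    udp    1024:1033,1434
DROP     net     fw    tcp    \
         57,1433,1434,2401,2745,3127,3306,3410,4899,5554,6101,8081,9898

# --- Form 2: blacklist file, /etc/shorewall/blacklist -----------------
# "-" in the ADDRESS column means "any source"; only the port list is
# matched. Changes here can be applied with "shorewall refresh".
#ADDRESS/SUBNET  PROTOCOL  PORT
-                udp       1024:1033,1434
-                tcp       \
                 57,1433,1434,2401,2745,3127,3306,3410,4899,5554,6101,8081,9898

# The blacklist file is only consulted on interfaces that carry the
# "blacklist" option, /etc/shorewall/interfaces (eth0 is assumed here):
#ZONE  INTERFACE  BROADCAST  OPTIONS
net    eth0       detect     blacklist

# And to get the "no log clutter" behaviour from the thread, leave the
# blacklist log level empty in /etc/shorewall/shorewall.conf:
BLACKLIST_LOG_LEVEL=
```

Note that both forms drop unsolicited traffic arriving from net; neither stops the laptop itself from originating connections to those ports, which is the second reading Joerg asked about. If that is wanted, a separate fw-to-net DROP (or a REJECT, so local clients fail fast) is needed.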
