I apologize for my lack of knowledge. OK, but I have some doubts as far as how I would go about first blocking all traffic "anywhere" from the server's LAN except for the few ports allowed.
For example, won't DNS requests use random source ports when queries are made? Something like this (from lsof on the server); I have some named entries like this:

named 1620 named 29u IPv4 102898568 TCP server1.americasnet.com:32858->cpe-24-24-238-161.socal.res.rr.com:domain (SYN_SENT)
named 1620 named 30u IPv4 102906041 TCP server1.americasnet.com:57631->cpe-24-24-213-189.socal.res.rr.com:domain (SYN_SENT)

If I REJECT all traffic, would random source ports like this be blocked, or would opening up domain take care of that?

Another question: should the REJECT rule be at the end of the rules file so that it picks up only after all the ACCEPT rules?

On Mon, 2008-09-08 at 19:43 -0700, Tom Eastep wrote:
> Ricardo Kleemann wrote:
> 
> > However I understand I need to also block outbound for those ports as
> > being sources as well. How would I go about doing that?
> 
> I have no idea what you are talking about. The rules that you posted looked
> adequate to me (or at least as adequate as is possible in your case).
> 
> -Tom

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
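An added example (not from the thread and not Shorewall's own code) that models first-match rule evaluation over the two lsof lines quoted in the message: because outbound rules match on destination port and protocol only, the resolver's random source ports (32858, 57631) never enter the decision, and a catch-all REJECT placed before the ACCEPT rules shadows them all. The rule tuples, the service-name table and the default policy are constructed assumptions.

```python
import re

# Service names as lsof prints them (constructed subset; real lsof reads /etc/services).
SERVICES = {"domain": 53, "http": 80, "https": 443, "smtp": 25}

# Constructed from the two named(8) connections quoted in the message above.
LSOF_LINES = [
    "named 1620 named 29u IPv4 102898568 TCP server1.americasnet.com:32858"
    "->cpe-24-24-238-161.socal.res.rr.com:domain (SYN_SENT)",
    "named 1620 named 30u IPv4 102906041 TCP server1.americasnet.com:57631"
    "->cpe-24-24-213-189.socal.res.rr.com:domain (SYN_SENT)",
]

CONN_RE = re.compile(r"\b(?P<proto>TCP|UDP)\b\s+\S+:(?P<sport>\w+)->\S+:(?P<dport>\w+)")

def to_port(name):
    """lsof shows either a number or a service name; normalise to an int."""
    return int(name) if name.isdigit() else SERVICES[name]

def parse_lsof(line):
    """Return (proto, sport, dport) for one lsof -i connection line."""
    m = CONN_RE.search(line)
    if m is None:
        raise ValueError("not a TCP/UDP connection line: " + line)
    return m["proto"].lower(), to_port(m["sport"]), to_port(m["dport"])

# Assumed Shorewall-style loc -> net rules as (ACTION, PROTO, DPORT); DPORT None = any port.
# Rules are evaluated in file order and the first match wins.
RULES_ORDERED = [
    ("ACCEPT", "udp", 53),
    ("ACCEPT", "tcp", 53),
    ("ACCEPT", "tcp", 443),
    ("REJECT", "all", None),  # catch-all last: reached only if nothing above matched
]
RULES_SHADOWED = [("REJECT", "all", None)] + RULES_ORDERED[:3]  # catch-all first

def evaluate(rules, conn, policy="DROP"):
    """First-match evaluation; 'policy' is the assumed default when no rule matches."""
    proto, _sport, dport = conn  # the source port is never inspected
    for action, rproto, rdport in rules:
        if rproto in ("all", proto) and rdport in (None, dport):
            return action
    return policy

def audit(rules, lines):
    """Map each lsof line's (random) source port to the action the rule set yields."""
    return {parse_lsof(ln)[1]: evaluate(rules, parse_lsof(ln)) for ln in lines}

if __name__ == "__main__":
    print(audit(RULES_ORDERED, LSOF_LINES))   # {32858: 'ACCEPT', 57631: 'ACCEPT'}
    print(audit(RULES_SHADOWED, LSOF_LINES))  # {32858: 'REJECT', 57631: 'REJECT'}
```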