hi,
I have written my own firewall script to protect my home LAN using iptables. I drop all connections from the outside made to ports 0-1023 and accept all connections to port 1024 and above. This protects my system from connections via telnet, ssh, ftp and so on, but are there any of the upper ports that I should block as well? I left them untouched, because data is transferred on the higher ports after a connection has been established.
A rule like:
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
would also, IMHO, be a good solution. With that rule, all connections which are established, or are related to an established connection, would go through.
But it only has an effect if the default policy for the INPUT chain is set to DROP/DENY, so check that.
Michael Appeldorn
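As an added illustration of the reply above (this script is not from the thread and not either poster's own script), the following shell script builds a minimal stateful iptables ruleset for a home LAN gateway: default INPUT policy DROP first, then the ESTABLISHED,RELATED rule, then only the services you deliberately expose. Because the state rule accepts reply traffic on whatever high port the connection negotiated, there is no need to open 1024 and above wholesale, which would otherwise expose every listener that happens to bind a high port. The interface name eth0 and the LAN range 192.168.1.0/24 are assumptions; by default the script only prints the commands it would run, and executes them only when APPLY=1 is set.

```shell
#!/bin/sh
# Added example, not the thread's script. Builds a stateful iptables
# ruleset for a home LAN gateway. Dry-run by default: commands are
# printed, and only executed (as root) when APPLY=1 is set.

IFACE="${IFACE:-eth0}"            # assumed external interface
LAN="${LAN:-192.168.1.0/24}"      # assumed LAN range allowed to reach SSH
IPT="${IPT:-iptables}"

# run: echo the iptables command; execute it only when APPLY=1.
run() {
    echo "$IPT $*"
    if [ "${APPLY:-0}" = "1" ]; then
        "$IPT" "$@"
    fi
}

# build_firewall: emits the whole ruleset, in order, on stdout.
build_firewall() {
    # Flush INPUT and set the default policy to DROP *first*. Without a
    # DROP policy the ESTABLISHED,RELATED rule below changes nothing,
    # because unmatched packets would be accepted anyway.
    run -F INPUT
    run -P INPUT DROP
    run -P FORWARD DROP
    run -P OUTPUT ACCEPT

    # Loopback traffic is always allowed.
    run -A INPUT -i lo -j ACCEPT

    # Accept replies to connections we initiated and packets related to
    # them (for example FTP data channels or ICMP errors). This is what
    # makes blanket "accept 1024 and above" unnecessary.
    run -A INPUT -i "$IFACE" -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Drop TCP packets that claim to be NEW but are not SYN (stale or
    # malformed segments that would otherwise consume state).
    run -A INPUT -i "$IFACE" -p tcp ! --syn -m state --state NEW -j DROP

    # Explicitly accept only the services you intend to expose; here SSH,
    # and only from the LAN range.
    run -A INPUT -i "$IFACE" -s "$LAN" -p tcp --dport 22 -m state --state NEW -j ACCEPT

    # Everything else falls through to the DROP policy; log a rate-limited
    # sample so that probes of low and high ports alike are visible.
    run -A INPUT -i "$IFACE" -m limit --limit 5/min -j LOG --log-prefix "INPUT DROP: "
}

# Helper checks on the generated ruleset (return 0 on success).
has_drop_policy() {
    build_firewall | grep -q -- "-P INPUT DROP"
}
has_state_rule() {
    build_firewall | grep -q -- "--state ESTABLISHED,RELATED -j ACCEPT"
}

# Print the ruleset (or apply it when APPLY=1).
build_firewall
```

Run it as-is to review the rules, then with APPLY=1 as root to load them. The order matters: the policy is set before any ACCEPT rules, and the state rule precedes the per-service rules so that reply traffic never has to match a service rule.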