On Wed, 2002-07-24 at 11:08, Steffen Dettmer wrote:
> * Ray Leach wrote on Mon, Jul 22, 2002 at 15:06 +0200:
> > On Mon, 2002-07-22 at 14:49, Thiego Xavier (MIU) wrote:
> > To enable Kazaa clients to share with other internet users:
> >
> > iptables -A FORWARD -p tcp --dport 1214 -j ACCEPT
> > iptables -A FORWARD -i $INTERNAL_INTERFACE -p tcp --dport 1024: -s $INTERNAL_NET -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
> > iptables -A FORWARD -i $INTERNAL_INTERFACE -p udp --dport 1024: -s $INTERNAL_NET -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
>
> Why UDP? Shouldn't this get blocked on the external interface (such a "default" rule assumed)? And isn't Kazaa using userport->1214 always? And if so, why allowing connections to all user ports here?
>
> > iptables -A FORWARD -i $INTERNET_INTERFACE -p tcp --sport 1024: -d $INTERNAL_NET -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> Why not additionally requiring --dport 1214?
Sorry, I use these rules to allow passive ftp as well.
> oki,
> Steffen
>
> --
> This message was generated by machine and therefore bears neither signature nor seal.
--
To unsubscribe, e-mail: suse-security-unsubscribe@suse.com
For additional commands, e-mail: suse-security-help@suse.com
Security-related bug reports go to security@suse.de, not here
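The rules questioned above open every unprivileged port on the internal hosts to allow passive FTP. The script below is an added example, not code from any of the thread's participants: it accepts Kazaa on TCP 1214 (the only port the thread mentions; it makes no claim about UDP) and relies on the kernel's FTP connection-tracking helper, which marks the passive data connection RELATED, so no "--dport 1024:" rule is needed. Interface names, the internal network, the Kazaa host address and the variable names are assumptions; "-m state" is used as in the thread (current iptables still accepts it as an alias of the conntrack match).

```shell
#!/bin/sh
# Added example, not from the thread: a FORWARD rule set that lets internal
# Kazaa clients share on TCP 1214 and lets internal hosts use passive FTP,
# without the "--dport 1024:" rules questioned above. Interface names, the
# internal network and the Kazaa host address are assumptions.
set -eu

IPT=${IPT:-iptables}
INTERNAL_INTERFACE=${INTERNAL_INTERFACE:-eth1}
INTERNET_INTERFACE=${INTERNET_INTERFACE:-eth0}
INTERNAL_NET=${INTERNAL_NET:-192.168.1.0/24}
KAZAA_HOST=${KAZAA_HOST:-192.168.1.10}   # assumed: the one internal host that shares

# With DRY_RUN=1, print each rule instead of applying it, so the generated
# rule set can be reviewed without root or a live firewall.
rule() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$IPT $*"
    else
        "$IPT" "$@"
    fi
}

# Replies to already-accepted connections, and connections a conntrack helper
# has flagged as RELATED (the passive-FTP data channel), are accepted once here.
state_rules() {
    rule -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    rule -A FORWARD -m state --state INVALID -j DROP
}

# Kazaa (TCP 1214): internal clients may open connections out to port 1214,
# and Internet peers may open connections in to port 1214 on the one host that
# is meant to share. No other internal port is reachable from outside.
kazaa_rules() {
    rule -A FORWARD -i "$INTERNAL_INTERFACE" -o "$INTERNET_INTERFACE" \
        -s "$INTERNAL_NET" -p tcp --dport 1214 \
        -m state --state NEW -j ACCEPT
    rule -A FORWARD -i "$INTERNET_INTERFACE" -o "$INTERNAL_INTERFACE" \
        -d "$KAZAA_HOST" -p tcp --dport 1214 \
        -m state --state NEW -j ACCEPT
}

# Passive FTP: only the control connection to port 21 is opened explicitly.
# The ftp conntrack helper reads the PASV reply and marks the data connection
# RELATED, so state_rules() lets it through without a blanket --dport 1024: rule.
ftp_rules() {
    rule -A FORWARD -i "$INTERNAL_INTERFACE" -o "$INTERNET_INTERFACE" \
        -s "$INTERNAL_NET" -p tcp --dport 21 \
        -m state --state NEW -j ACCEPT
}

# Anything else that tries to start a new connection across the box is dropped.
default_rules() {
    rule -A FORWARD -j DROP
}

apply_all() {
    # Load the FTP helper: nf_conntrack_ftp on current kernels, ip_conntrack_ftp
    # on the 2.4 kernels of the thread's era.
    if [ "${DRY_RUN:-0}" != 1 ]; then
        modprobe nf_conntrack_ftp 2>/dev/null || modprobe ip_conntrack_ftp
    fi
    # Kernels >= 4.7 no longer attach helpers automatically; this raw-table rule
    # assigns the ftp helper to outbound control connections. Older kernels lack
    # the CT target but auto-assign the helper, hence "|| true".
    rule -t raw -A PREROUTING -i "$INTERNAL_INTERFACE" -p tcp --dport 21 \
        -j CT --helper ftp || true
    state_rules
    kazaa_rules
    ftp_rules
    default_rules
}

# Run as root with "apply" to install the rules; with DRY_RUN=1 it only prints them.
if [ "${1:-}" = apply ]; then
    apply_all
fi
```

Review the generated set first with `DRY_RUN=1 sh fw.sh apply`; the inbound Kazaa rule is pinned to a single host rather than the whole internal network, which is the smallest hole the sharing use case needs.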