On Thu, 29 Mar 2001, you wrote:

I am administering a system that needs access to certain ports, but I do not want to restrict access to these ports for these programs. The ports are 5555 and 7000. How do I do this do that it is still secure and won't create any security holes.

thank you, michael

--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com

well who do u want to have access to the host (all? or single ips?) when it are single ips u can use the ipchains -I input -p tcp-s thefromip -d yourinternetip portnumber -j ACCEPT and after that ipchains -A input -p -s 0/0 -d urip port -j REJECT.. then only the accepted ips can enter.. otherwise make sure u cant login to that port using telnet etc (like an ftp server wich u can access with telnet and then turn it off( www.dutchriot.com)) hope that u have something about it greetz remko (NightWatcher IRCop@irc.quicknet.nl) Security Admin / advisor -------------------------------------------------------