Mailinglist Archive: opensuse-security (636 mails)

< Previous Next >
Re: [suse-security] What are these?
Hi,

not directly to what Steffen has written, but

Steffen Dettmer:
> * Kevin Creason wrote on Mon, Feb 12, 2001 at 17:22 -0600:
> > I even ran ipchains with these arguments:
> > /sbin/ipchains -A input -p TCP -d 0.0.0.0./0 0:65535 -i ppp0 -l -j DENY
> > /sbin/ipchains -A input -p UDP -d 0.0.0.0./0 0:65535 -i ppp0 -l -j DENY
> > /sbin/ipchains -A input -p ICMP -d 0.0.0.0./0 0:65535 -i ppp0 -l -j DENY

If you 'A'ppend your rules to your ipchains, the short-circuiting will allow
packet which matches any other rule with a lower ipchains number (ipchains -L
-v --line-numbers)

Try to 'I'nsert (rule number 1) them: (ipchains -I input 1 ...)

> That allows still a lot (all other IP protocols). Ports make no
> sense for ICMP. To drop anything you could use:
>
> /sbin/ipchains -A input -i ppp0 -l -j DENY

> If you're really paranoid you could use:
> /sbin/ipchains -A input $ALLOWED_OPTIONS -i ppp0 -l -j ACCEPT
> to log allowed packets too, but you will get a lot of logs.

Same as above. You will not see any logentries for accepted packets.

Peter Wiersig

< Previous Next >
Follow Ups