On Tue, 19 Feb 2002 01:20:55 +0100
Jens Georg
Hi,
I have written my own firewall script to protect my home LAN using iptables. I drop all connections from the outside made to ports 0-1023 and accept all connects to port 1024 and above. This protects my system from connects via telnet, ssh, ftp and so on, but are there any of the upper ports that I should block as well? I left them untouched, because data is transferred on the higher ports after connection has been established.
A rule like:

    iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

would also imho be a good solution. With that rule, all connections which are established or are related to one established connection would go through.

regards,
Jan

-- 
Jan Räther
Universität Hamburg
Zentrum für Molekulare Neurobiologie
Service-Gruppe EDV
Falkenried 94
20251 Hamburg
Germany
Tel.: 040 - 428 - 03 - 6619
Fax.: 040 - 428 - 03 - 6621

When you try to make an impression, the chances are that is the impression you will make.
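Added example, not part of either message: a small shell audit run over two constructed iptables-save style rulesets, one matching the port-range policy described in the question and one built around the reply's state rule. With the port-range policy, any service listening on port 1024 or above is reachable from outside. The default-drop policy, the loopback rule, the TCP-only rules and the function names are assumptions.

```shell
#!/bin/sh
# Constructed iptables-save style rulesets; eth0 is the outside interface
# used in the reply's rule. Everything else here is an assumption.

# Policy from the question: drop 0-1023, accept 1024 and above.
weak_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i eth0 -p tcp -m tcp --dport 0:1023 -j DROP
-A INPUT -i eth0 -p tcp -m tcp --dport 1024:65535 -j ACCEPT
COMMIT
EOF
}

# Policy built around the reply's rule, with default drop (assumption).
stateful_rules() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# audit_input: read a ruleset on stdin, print one line per finding and
# return 1 if there is any. Heuristic: flags a default-ACCEPT INPUT policy
# and any ACCEPT on a destination port range that has no state match.
audit_input() {
  awk '
    /^:INPUT ACCEPT/ { print "policy: INPUT default is ACCEPT"; bad = 1 }
    /^-A INPUT/ && /-j ACCEPT/ && /--dport [0-9]+:[0-9]+/ && !/--state|--ctstate/ {
      print "stateless range accept: " $0; bad = 1
    }
    END { exit bad }
  '
}

for rules in weak_rules stateful_rules; do
  echo "== $rules"
  if "$rules" | audit_input; then echo "no findings"; fi
done
```
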