If I were you, I'd block ALL ports and open only the ones you want to access (ftp, telnet, etc.). There are many programs out there that could cause you issues that live above the 1024 limit.

As far as using the higher ports, these are usually used when you connect to something (they are randomly selected). To get around this, you can tell iptables to allow the packets if they do not include a SYN. This prevents new connections from being made on those ports, but allows your PC to use existing connections (that your previous firewall rules would allow).
# Allow TCP packets that are not SYN
iptables -I INPUT -j ACCEPT -p tcp ! --syn
Hope this helps
Joe
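To make the difference between the two approaches in this thread concrete, here is an added example (not Joe's or Jens's script) that models how iptables walks an INPUT chain, first match wins and the chain policy applies otherwise, and runs the same constructed packets through Jens's port-range rules, Joe's `! --syn` rule, and a stateful ruleset (assumption: iptables built with the state/conntrack match). The `Packet` fields, the port numbers and the "tracked" flag are constructed sample data, not anything from the original posts.

```python
"""Model of iptables INPUT-chain evaluation for the three policies in the thread.
Added example; packet data below is constructed, not captured traffic."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp" or "udp"
    dport: int      # destination port on the protected host
    syn: bool       # SYN set and ACK clear, i.e. what iptables --syn matches
    tracked: bool   # connection tracking already knows this flow (ESTABLISHED)


def evaluate(chain, policy, pkt):
    """Walk the chain like iptables: first matching rule decides, else policy."""
    for match, target in chain:
        if match(pkt):
            return target
    return policy


# Jens's posted policy: drop 0-1023 from outside, accept 1024 and above.
JENS_CHAIN = [
    (lambda p: p.dport <= 1023, "DROP"),
    (lambda p: p.dport >= 1024, "ACCEPT"),
]


def joe_chain(open_ports):
    """Joe's suggestion as posted: `iptables -I INPUT -j ACCEPT -p tcp ! --syn`
    inserted at the top, then only the explicitly opened ports, policy DROP."""
    ports = frozenset(open_ports)
    return [
        (lambda p: p.proto == "tcp" and not p.syn, "ACCEPT"),
        (lambda p: p.proto == "tcp" and p.dport in ports, "ACCEPT"),
    ]


def stateful_chain(open_ports):
    """Stateful alternative (assumption: state match available): accept only
    flows conntrack already tracks, plus SYNs to the ports you actually serve.
    Roughly: -m state --state ESTABLISHED,RELATED -j ACCEPT, then per-port --syn."""
    ports = frozenset(open_ports)
    return [
        (lambda p: p.tracked, "ACCEPT"),
        (lambda p: p.proto == "tcp" and p.syn and p.dport in ports, "ACCEPT"),
    ]


def verdicts(pkt, open_ports=(22,)):
    """Verdict of each policy for one packet; 22 (ssh) is the assumed open service."""
    return {
        "jens": evaluate(JENS_CHAIN, "ACCEPT", pkt),
        "joe": evaluate(joe_chain(open_ports), "DROP", pkt),
        "stateful": evaluate(stateful_chain(open_ports), "DROP", pkt),
    }


# Constructed sample packets covering the cases discussed in the thread.
SAMPLES = {
    "new connection to ssh (22)": Packet("tcp", 22, syn=True, tracked=False),
    "new connection to a high port (6000)": Packet("tcp", 6000, syn=True, tracked=False),
    "reply to our own outbound connection (40000)": Packet("tcp", 40000, syn=False, tracked=True),
    "stray ACK to telnet (23), no connection": Packet("tcp", 23, syn=False, tracked=False),
}

if __name__ == "__main__":
    for label, pkt in SAMPLES.items():
        print(f"{label:45} {verdicts(pkt)}")
```

Running it shows the point of Jens's question (a fresh SYN to a high port such as 6000 is accepted by his port-range rules but dropped by the other two) and the caveat to Joe's rule: because `! --syn` looks only at flag bits, a stray ACK aimed at port 23 with no tracked connection behind it is accepted, whereas a rule keyed on connection tracking state drops it. A stateful ruleset gives the "allow replies, refuse new connections" behaviour Joe describes without that gap.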
--- Jens Georg
Hi,

I have written my own firewall script to protect my home LAN using iptables. I drop all connections from the outside made to ports 0-1023 and accept all connections to port 1024 and above. This protects my system from connections via telnet, ssh, ftp and so on, but are there any of the upper ports that I should block as well? I left them untouched, because data is transferred on the higher ports after the connection has been established.
-- regards, jens
---------------------------------------------------------------------------
instant networks - network management & internet full services
=====
Joseph Hobbs, Ionic Productions LLC, hobbsj@somecrazyfool.com