Re: iptables & tcp wrappers
From: Ansgar -59cobalt- Wiechers (bugtraq_at_planetcobalt.net)
Date: 10/04/04
- Previous message: George Theall: "Re: iptables & tcp wrappers"
- Maybe in reply to: Francisco R. Romo Alfaro: "Re: iptables & tcp wrappers"
- Next in thread: Ansgar -59cobalt- Wiechers: "Re: iptables & tcp wrappers"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 4 Oct 2004 00:01:13 +0200
To: focus-linux@securityfocus.com
On 2004-09-29 harry wrote:
> Whelan, Paul wrote:
> > "iptables -L --line-numbers" will show you the line numbers of the
> > rules.
> > "iptables -A INPUT -p tcp -s ! ONLY_IP_YOU_WANT --dport 22 -j DROP" will
> > block every connection to port 22 except ONLY_IP_YOU_WANT.
>
> not really... a good firewall (IMHO) drops everything, rejects auth
> (nasty timeouts on ftp, irc, ... if you just drop auth), and accepts
> these 4(or 5) icmp requests:
> "source-quench"
> "parameter-problem"
> "time-exceeded"
> "destination-unreachable"
> and your clients probably want the "echo-request" too :)
Add "fragmentation-needed" and "echo-reply".
Regards
Ansgar Wiechers
--
"Those who would give up liberty for a little temporary safety deserve neither liberty nor safety, and will lose both." --Benjamin Franklin
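The policy harry sketches above, with the two ICMP types Ansgar adds and Paul Whelan's port-22 restriction, written out as an iptables INPUT chain. This is an added example, not code from any poster in the thread; `ADMIN_IP` is a placeholder address, and `IPT` can be set to `echo` to preview the rules instead of loading them.

```shell
#!/bin/sh
# Added example (not from the thread): default-deny INPUT chain that rejects
# ident, accepts the ICMP types discussed, and limits SSH to one host.
# IPT defaults to iptables; run with IPT=echo to print the rules instead.
IPT="${IPT:-iptables}"
# Placeholder (documentation range): the only host allowed to reach port 22.
ADMIN_IP="${ADMIN_IP:-192.0.2.10}"

apply_input_policy() {
    # Start from an empty chain with a default-deny policy.
    $IPT -F INPUT
    $IPT -P INPUT DROP
    # Loopback, plus packets belonging to connections this host already has.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # REJECT (not DROP) ident/auth, tcp/113: when the probe is silently
    # dropped, FTP and IRC servers wait for a timeout before serving us.
    $IPT -A INPUT -p tcp --dport 113 -j REJECT --reject-with tcp-reset
    # ICMP types the thread wants through. fragmentation-needed is one code of
    # destination-unreachable, so it is listed here only to mirror the thread.
    for t in source-quench parameter-problem time-exceeded \
             destination-unreachable fragmentation-needed \
             echo-request echo-reply; do
        $IPT -A INPUT -p icmp --icmp-type "$t" -j ACCEPT
    done
    # SSH only from ADMIN_IP. "! -s" is the current spelling of the match the
    # thread writes as "-s !"; the trailing DROP is redundant under a DROP
    # policy but keeps the intent visible in "iptables -L --line-numbers".
    $IPT -A INPUT -p tcp -s "$ADMIN_IP" --dport 22 -j ACCEPT
    $IPT -A INPUT -p tcp ! -s "$ADMIN_IP" --dport 22 -j DROP
}

# Only load the rules when explicitly asked, e.g. APPLY=1 sh fw.sh
if [ -n "$APPLY" ]; then
    apply_input_policy
fi
```

Preview with `IPT=echo APPLY=1 sh fw.sh`; the printed lines are exactly the arguments iptables would receive.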