RE: iptables & tcp wrappers
From: Whelan, Paul (Paul.Whelan_at_fmr.com)
Date: 10/11/04
- Previous message: Ansgar -59cobalt- Wiechers: "Re: iptables & tcp wrappers"
- Maybe in reply to: Marcus.Zoller_at_idnt.net: "RE: iptables & tcp wrappers"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 11 Oct 2004 12:23:02 -0400
To: <focus-linux@securityfocus.com>
On 2004-09-29 harry wrote:
> Whelan, Paul wrote:
> > "iptables -L --line-numbers" will show you the line numbers of the
> > rules.
> > "iptables -A INPUT -p tcp -s ! ONLY_IP_YOU_WANT --dport 22 -j DROP" will
> > block every connection to port 22 except ONLY_IP_YOU_WANT.
>
> not really... a good firewall (IMHO) drops everything, rejects auth
> (nasty timeouts on ftp, irc, ... if you just drop auth), and accepts
> these 4(or 5) icmp requests:
> "source-quench"
> "parameter-problem"
> "time-exceeded"
> "destination-unreachable"
> and your clients probably want the "echo-request" too :)
Just so it's clear...
The question wasn't in regards to what was a "good" firewall. The
question was about asking how to only allow a certain ip to connect to
port 22 and reject the rest. That rule will do that and do it well.
Trust me. Try it on your server and see.
If the scope of the question was "What makes a good firewall?", then
that would have been more than a single rule <obviously>.
Thanks,
Paul
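Added example, not code from the list or from either poster: a toy model of iptables INPUT-chain traversal (first matching rule wins, otherwise the chain policy applies) used to check both claims in the thread. Paul's single rule is evaluated with the default ACCEPT policy; harry's "drop everything, reject auth, accept a few ICMP types" layout is evaluated with a DROP policy. `ONLY_IP` and the packet addresses are constructed TEST-NET values. The `-s ! IP` form quoted above is the 2004 syntax; current iptables writes the same negation as `! -s IP`.

```python
"""Toy simulator of iptables INPUT-chain semantics (added example).

A chain is a list of Rule objects checked in order; the first rule whose
matches() returns True decides the verdict, otherwise the chain policy does.
Only the match criteria needed for this thread are modelled.
"""
from dataclasses import dataclass
from typing import Optional
import ipaddress

ONLY_IP = "192.0.2.10"          # constructed placeholder for ONLY_IP_YOU_WANT


@dataclass
class Rule:
    target: str                        # ACCEPT, DROP or REJECT
    proto: Optional[str] = None        # "tcp", "udp", "icmp" or None for any
    src: Optional[str] = None          # address or CIDR for -s
    src_negate: bool = False           # True models "-s ! ADDR" / "! -s ADDR"
    dport: Optional[int] = None        # --dport
    icmp_type: Optional[str] = None    # --icmp-type

    def matches(self, pkt: dict) -> bool:
        if self.proto is not None and pkt["proto"] != self.proto:
            return False
        if self.src is not None:
            in_net = ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(
                self.src, strict=False)
            # negated match: rule applies only when the source is NOT in -s
            if in_net == self.src_negate:
                return False
        if self.dport is not None and pkt.get("dport") != self.dport:
            return False
        if self.icmp_type is not None and pkt.get("icmp_type") != self.icmp_type:
            return False
        return True


def evaluate(chain: list, policy: str, pkt: dict) -> str:
    """Walk the chain top to bottom; fall through to the policy."""
    for rule in chain:
        if rule.matches(pkt):
            return rule.target
    return policy


# Paul's single rule, chain policy left at its default of ACCEPT:
#   iptables -A INPUT -p tcp -s ! ONLY_IP_YOU_WANT --dport 22 -j DROP
PAUL_CHAIN = [Rule("DROP", proto="tcp", src=ONLY_IP, src_negate=True, dport=22)]

# harry's layout: policy DROP, auth (tcp/113) rejected so clients fail fast,
# a handful of ICMP types accepted, plus an explicit allow for SSH from ONLY_IP.
HARRY_CHAIN = [
    Rule("ACCEPT", proto="tcp", src=ONLY_IP, dport=22),
    Rule("REJECT", proto="tcp", dport=113),
    Rule("ACCEPT", proto="icmp", icmp_type="source-quench"),
    Rule("ACCEPT", proto="icmp", icmp_type="parameter-problem"),
    Rule("ACCEPT", proto="icmp", icmp_type="time-exceeded"),
    Rule("ACCEPT", proto="icmp", icmp_type="destination-unreachable"),
    Rule("ACCEPT", proto="icmp", icmp_type="echo-request"),
]


def paul_verdict(pkt: dict) -> str:
    return evaluate(PAUL_CHAIN, "ACCEPT", pkt)


def harry_verdict(pkt: dict) -> str:
    return evaluate(HARRY_CHAIN, "DROP", pkt)


# Constructed sample traffic (TEST-NET addresses).
SAMPLE_PACKETS = {
    "ssh_from_allowed": {"proto": "tcp", "src": ONLY_IP, "dport": 22},
    "ssh_from_other":   {"proto": "tcp", "src": "198.51.100.7", "dport": 22},
    "http_from_other":  {"proto": "tcp", "src": "198.51.100.7", "dport": 80},
    "auth_from_other":  {"proto": "tcp", "src": "198.51.100.7", "dport": 113},
    "ping_from_other":  {"proto": "icmp", "src": "203.0.113.5",
                         "icmp_type": "echo-request"},
    "dns_from_other":   {"proto": "udp", "src": "203.0.113.5", "dport": 53},
}

if __name__ == "__main__":
    print(f"{'packet':18} {'Paul':8} {'harry':8}")
    for name, pkt in SAMPLE_PACKETS.items():
        print(f"{name:18} {paul_verdict(pkt):8} {harry_verdict(pkt):8}")
```

Running the block prints one verdict per sample packet for each layout. Both agree on port 22: the allowed address gets in and everyone else is dropped, which is Paul's point. They differ on everything else: under Paul's rule alone, port 80 and UDP 53 from any host still fall through to the ACCEPT policy, while harry's DROP policy needs an explicit ACCEPT for anything it should pass, which is why his version is several rules rather than one.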