Re: allow ports above 1024
From: Jem Berkes (jb@users.pc9.org)
Date: 02/05/03
From: Jem Berkes <jb@users.pc9.org> Date: Wed, 05 Feb 2003 02:57:38 GMT
> Why not use the stateful capabilities of netfilter (iptables) to allow
> the return packets ("--state=established,related").
Ditto on that. This is a tremendous advancement with the 2.4 kernel. You
can essentially tell the network stack to only allow packets that belong to
a legitimate, currently established network connection. So random probes
from attackers see nothing at all open on your system, while packets that are
needed for an active connection (e.g. ftp, http, whatever) flow through
without problems.
-- Jem Berkes http://www.pc-tools.net/ Windows, Linux & UNIX software
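
The following is an added example, not part of the original message or of netfilter itself: a simplified Python model contrasting a blanket "accept destination ports above 1024" input rule (the approach named in the thread subject) with connection-tracked filtering. The packet fields, the addresses and the `stateless_high_ports` / `StatefulFilter` names are assumptions made for illustration, and RELATED traffic is not modelled.

```python
# Simplified model (added example): compares a stateless "accept dport > 1024"
# input rule with a stateful ESTABLISHED-only rule. Not real netfilter code.
from collections import namedtuple

Packet = namedtuple("Packet", "direction proto src sport dst dport")
HOST = "192.0.2.10"  # constructed address (documentation range)

def stateless_high_ports(pkt):
    """Inbound policy: accept anything addressed to a port above 1024."""
    return pkt.direction == "in" and pkt.dport > 1024

class StatefulFilter:
    """Models: iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    with a default DROP policy on INPUT and unrestricted OUTPUT.
    RELATED (e.g. FTP data, ICMP errors) is not modelled here."""

    def __init__(self):
        self.conntrack = set()  # flows this host originated

    def check(self, pkt):
        if pkt.direction == "out":
            # Outbound packet: record the flow so replies can be matched.
            self.conntrack.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound packet: accept only if it is the reverse of a tracked flow.
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return reverse in self.conntrack

def evaluate(packets):
    """Return [(packet, stateless_verdict, stateful_verdict)] for inbound packets."""
    fw = StatefulFilter()
    results = []
    for pkt in packets:
        stateful = fw.check(pkt)
        if pkt.direction == "in":
            results.append((pkt, stateless_high_ports(pkt), stateful))
    return results

# Constructed sample traffic: one outbound HTTP request, its reply, and an
# unsolicited inbound packet to a high port where a local service listens.
SAMPLE = [
    Packet("out", "tcp", HOST, 40001, "198.51.100.5", 80),
    Packet("in", "tcp", "198.51.100.5", 80, HOST, 40001),
    Packet("in", "tcp", "203.0.113.9", 51000, HOST, 6000),
]

if __name__ == "__main__":
    for pkt, stateless, stateful in evaluate(SAMPLE):
        print(pkt.src, "->", pkt.dport, "stateless:", stateless, "stateful:", stateful)
```

Both policies pass the HTTP reply, but only the blanket high-port rule also passes the unsolicited packet to port 6000.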