FireHOL firewall, "allow all, deny x, deny y, deny z"



Hello there.

Even though nobody would ever want to attack a useless no-thing-doing
dedicated machine like mine, I want to add a little bit of security to
it by using a simple firewall.
I have, in the past, used "FireHOL" for these tasks.

Now, here's my problem:

I want my machine to generally allow all client ports but deny some,
and generally deny all server ports but allow some.

Now, denying all server ports but allowing specific ports is easy; by
simply writing a line for every server port I wish to allow, the rest
remains blocked.

However, how do I set it up to allow all client ports, but deny some
specific ones?

I tried to do it like this:

client all accept # Generally accept all clients
client p2p deny # Block as potentially malicious
client pop3 deny # Block as potentially malicious
client pop3s deny # Block as potentially malicious
client dcc deny # Block as potentially malicious
client emule deny # Block as potentially malicious
client imap deny # Block as potentially malicious
client imaps deny # Block as potentially malicious

However, the services I wanted to deny are still open, as they seem to
be overwritten by the "all" statement on top. How do I achieve this?

Thanks in advance!
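
Added example, not part of the original post and not FireHOL code: a small Python model of the rule list above, assuming the rules are evaluated in the order written and the first match decides (as in the iptables rules a FireHOL config is turned into). The function names and the `deny` default are assumptions made for the illustration.

```python
# Model of ordered, first-match-wins evaluation of "client <service> <action>"
# lines. Constructed illustration; the evaluation order is an assumption.

POSTED = """\
client all accept # Generally accept all clients
client p2p deny # Block as potentially malicious
client pop3 deny # Block as potentially malicious
client pop3s deny # Block as potentially malicious
client dcc deny # Block as potentially malicious
client emule deny # Block as potentially malicious
client imap deny # Block as potentially malicious
client imaps deny # Block as potentially malicious
"""

def parse(config):
    """Return [(service, action), ...], ignoring comments and other lines."""
    rules = []
    for line in config.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 3 and fields[0] == "client":
            rules.append((fields[1], fields[2]))
    return rules

def verdict(rules, service, default="deny"):
    """The first rule naming this service (or 'all') decides the outcome."""
    for svc, action in rules:
        if svc in ("all", service):
            return action
    return default  # assumed policy when nothing matches

def shadowed(rules):
    """Rules that can never fire: an earlier 'all' or same-service rule wins."""
    dead, seen = [], set()
    for svc, action in rules:
        if "all" in seen or svc in seen:
            dead.append((svc, action))
        seen.add(svc)
    return dead

def specific_first(rules):
    """Stable reorder: per-service rules first, catch-all 'all' rules last."""
    return ([r for r in rules if r[0] != "all"] +
            [r for r in rules if r[0] == "all"])

if __name__ == "__main__":
    rules = parse(POSTED)
    print("unreachable as posted:", shadowed(rules))
    print("pop3 as posted:", verdict(rules, "pop3"))
    print("pop3 reordered:", verdict(specific_first(rules), "pop3"))
```

On the posted lines, `shadowed()` reports all seven deny rules as unreachable; after `specific_first()` none are, and services not listed still reach the final `all accept`.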