FireHOL firewall, "allow all, deny x, deny y, deny z"



Hello there.

Even though nobody would ever want to attack a useless no-thing-doing
dedicated machine like mine, I want to add a little bit of security to
it by using a simple firewall.
I have, in the past, used "FireHOL" for these tasks.

Now, here's my problem:

I want my machine to generally allow all client ports but deny some,
and generally deny all server ports but allow some.

Now, denying all server ports but allowing specific ports is easy; by
simply writing a line for every server port I wish to allow, the rest
remains blocked.

However, how do I set it up to allow all client ports, but deny some
specific ones?

I tried to do it like this:

client all accept # Generally accept all clients
client p2p deny # Block as potentially malicious
client pop3 deny # Block as potentially malicious
client pop3s deny # Block as potentially malicious
client dcc deny # Block as potentially malicious
client emule deny # Block as potentially malicious
client imap deny # Block as potentially malicious
client imaps deny # Block as potentially malicious

However, the services I wanted to deny are still open, as they seem to
be overwritten by the "all" statement on top. How do I achieve this?

Thanks in advance!
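
The ordering effect described in the post above, as an added example that is not part of the original post and is not FireHOL code. It assumes statements are evaluated top to bottom with the first match winning and a default of drop when nothing matches; the function names are hypothetical, and the rule text is copied from the post.

```python
# Added example: a first-match-wins model (assumption) of the posted statements.
POSTED = """\
client all accept    # Generally accept all clients
client p2p deny      # Block as potentially malicious
client pop3 deny     # Block as potentially malicious
client pop3s deny    # Block as potentially malicious
client dcc deny      # Block as potentially malicious
client emule deny    # Block as potentially malicious
client imap deny     # Block as potentially malicious
client imaps deny    # Block as potentially malicious
"""

def parse(text):
    """Return (kind, service, action) tuples; comments and blank lines are ignored."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 3:
            rules.append(tuple(fields))
    return rules

def decide(rules, kind, service, default="drop"):
    """Action of the first rule that matches; 'all' matches every service."""
    for r_kind, r_service, action in rules:
        if r_kind == kind and r_service in ("all", service):
            return action
    return default  # assumed default policy when no statement matches

def shadowed(rules):
    """Rules that can never fire because an earlier 'all' rule of the same kind wins."""
    kinds_with_all, dead = set(), []
    for rule in rules:
        kind, service, _ = rule
        if kind in kinds_with_all:
            dead.append(rule)
        elif service == "all":
            kinds_with_all.add(kind)
    return dead

def specific_first(rules):
    """Stable reorder: specific services first, catch-all 'all' rules last."""
    return sorted(rules, key=lambda r: r[1] == "all")

if __name__ == "__main__":
    rules = parse(POSTED)
    for rule in shadowed(rules):
        print("never matches:", *rule)
    print("reordered:")
    for rule in specific_first(rules):
        print(" ", *rule)
```

In this model the seven deny lines of the posted order are reported as unreachable, and moving `client all accept` below them makes each deny take effect while every other client service is still accepted.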