Charlie Brady
Fri, 24 Aug 2001 21:10:32 -0700
On Sat, 25 Aug 2001, Brossin Pierrick wrote:

> I'm trying to close the port 95 on eth1 (external network)
> so user from the internet can't get connected to it.
>
> Here is why I didn't and it actually didn't work :(

What makes you say that it doesn't work? What makes you think that people from the internet can connect to port 95? That port is blocked by the packet filter, and in any case, no process is listening to it, so nobody can connect anyway. If people connect to port 95, what program do they connect to?

> mkdir -p /etc/e-smith/templates-custom/etc/rc.d/init.d/masq
> cp -rf /etc/e-smith/templates/etc/rc.d/init.d/masq
> /etc/e-smith/templates-custom/etc/rc.d/init.d
> vi 45DenyPort95
> I wrote "/sbin/ipchains -A input -p tcp -s $OUTERNET 95 -d 0/0 -j denylog"

That rule says that inbound packets going to any port, at any address, will be blocked if they come from port 95 of your external IP address. I don't think that's what you have intended. What you mean, I think, is the opposite:

/sbin/ipchains -A input -p tcp -s 0/0 -d $OUTERNET 95 -j denylog

But in any case, this is the default case, is it not?

> I saved it
> then /sbin/e-smith/expand-template /etc/rc.d/init.d/masq
> then service masq restart.
>
> But it's still accessible...

Who says it is?

Charlie Brady [EMAIL PROTECTED]
Lead Product Developer
Network Server Solutions Group http://www.e-smith.com/
Mitel Networks Corporation http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739
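The difference between the two rules in the message above, as an added example that is not part of the original post: a simplified Python model of how `-s addr [port]` and `-d addr [port]` are matched, applied to one inbound connection attempt. The address substituted for `$OUTERNET`, the sample packet and all function names are constructed for illustration; only the two rule strings come from the thread.

```python
import ipaddress
import shlex

OUTERNET = "203.0.113.10"  # constructed stand-in for the server's external IP


def parse_rule(cmd):
    """Parse only the options used in the thread: -A, -p, -s, -d, -j."""
    args = shlex.split(cmd.replace("$OUTERNET", OUTERNET))[1:]
    rule = {"src": ("0/0", None), "dst": ("0/0", None)}
    i = 0
    while i < len(args):
        flag, value = args[i], args[i + 1]
        i += 2
        if flag in ("-s", "-d"):
            port = None
            # An optional port may follow the address.
            if i < len(args) and args[i].isdigit():
                port = int(args[i])
                i += 1
            rule["src" if flag == "-s" else "dst"] = (value, port)
        else:
            rule[{"-A": "chain", "-p": "proto", "-j": "target"}[flag]] = value
    return rule


def _side_matches(spec, addr, port):
    net, want_port = spec
    net = "0.0.0.0/0" if net == "0/0" else net  # 0/0 means any address
    in_net = ipaddress.ip_address(addr) in ipaddress.ip_network(net)
    return in_net and (want_port is None or want_port == port)


def matches(rule, pkt):
    """True if the packet's protocol, source and destination all match."""
    return (rule["proto"] == pkt["proto"]
            and _side_matches(rule["src"], pkt["src"], pkt["sport"])
            and _side_matches(rule["dst"], pkt["dst"], pkt["dport"]))


ORIGINAL = "/sbin/ipchains -A input -p tcp -s $OUTERNET 95 -d 0/0 -j denylog"
CORRECTED = "/sbin/ipchains -A input -p tcp -s 0/0 -d $OUTERNET 95 -j denylog"

# Constructed packet: an internet host opening a connection to port 95.
INBOUND = {"proto": "tcp", "src": "198.51.100.7", "sport": 40000,
           "dst": OUTERNET, "dport": 95}

if __name__ == "__main__":
    for name, cmd in (("original", ORIGINAL), ("corrected", CORRECTED)):
        print(name, "matches:", matches(parse_rule(cmd), INBOUND))
```

The original rule only matches packets whose source is port 95 of the external address, so the inbound connection attempt falls through to whatever rules follow; the corrected rule matches it.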