David A. Ranch
Fri, 12 Feb 1999 03:06:22 -0500
>Why, exactly? AFAIK, there are very few services that listen on
>ports >= 1024. So if you disable those services or block those
>specific high ports, what's the harm in letting the rest in by
>default?

Well, I'm worried about the big ones. For example:

# PPTP - reject
/sbin/ipfwadm -O -a reject -W $extif -P tcp -S $extip/32 -D $universe/0 1723 -o
/sbin/ipfwadm -O -a reject -W $extif -P udp -S $extip/32 -D $universe/0 1723 -o

# Remote Winsock - Reject
/sbin/ipfwadm -O -a reject -W $extif -P tcp -S $extip/32 -D $universe/0 1745 -o
/sbin/ipfwadm -O -a reject -W $extif -P udp -S $extip/32 -D $universe/0 1745 -o

# NFS - Reject
/sbin/ipfwadm -O -a reject -W $extif -P tcp -S $extip/32 -D $universe/0 2049 -o
/sbin/ipfwadm -O -a reject -W $extif -P udp -S $extip/32 -D $universe/0 2049 -o

# PcAnywhere - Reject
/sbin/ipfwadm -O -a reject -W $extif -P tcp -S $extip/32 -D $universe/0 5631 -o
/sbin/ipfwadm -O -a reject -W $extif -P udp -S $extip/32 -D $universe/0 5631 -o
/sbin/ipfwadm -O -a reject -W $extif -P tcp -S $extip/32 -D $universe/0 5632 -o
/sbin/ipfwadm -O -a reject -W $extif -P udp -S $extip/32 -D $universe/0 5632 -o

# Xwindows - Deny
/sbin/ipfwadm -O -a reject -W $extif -P tcp -S $extip/32 -D $universe/0 6000 -o
/sbin/ipfwadm -O -a reject -W $extif -P udp -S $extip/32 -D $universe/0 6000 -o

--David

.----------------------------------------------------------------------------.
|  David A. Ranch - Linux/Networking/PC hardware          [EMAIL PROTECTED]  |
!----                                                                    ----!
`----- For more detailed info, see http://www.ecst.csuchico.edu/~dranch -----'
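
An added example, not part of the original message: a small audit for the question raised in this thread, reporting which TCP/UDP listeners on ports >= 1024 are not covered by a per-port reject list. The port list is taken from the rules above; the function name `uncovered_high_ports` and the `netstat -ln`-style sample lines are constructed for illustration.

```shell
#!/bin/sh
# Ports the rules in the message reject (PPTP, Remote Winsock, NFS,
# PcAnywhere, X display :0).
BLOCKED_PORTS="1723 1745 2049 5631 5632 6000"

# Reads `netstat -ln`-style lines on stdin and prints "proto port" for each
# listener on a port >= 1024 that is NOT in BLOCKED_PORTS, sorted and unique.
# (Hypothetical helper name, chosen for this example.)
uncovered_high_ports() {
    awk -v blocked="$BLOCKED_PORTS" '
        BEGIN {
            n = split(blocked, b, " ")
            for (i = 1; i <= n; i++) covered[b[i]] = 1
        }
        $1 ~ /^(tcp|udp)/ {
            # TCP sockets must be in LISTEN state; UDP has no state column.
            if ($1 ~ /^tcp/ && $NF != "LISTEN") next
            # Local address is field 4; port is the text after the last colon.
            port = $4
            sub(/.*:/, "", port)
            if (port ~ /^[0-9]+$/ && port + 0 >= 1024 && !(port in covered))
                print substr($1, 1, 3), port
        }' | sort -u -k1,1 -k2,2n
}

# Constructed sample input (not captured from a real host).
SAMPLE='Proto Recv-Q Send-Q Local Address   Foreign Address State
tcp        0      0 0.0.0.0:22      0.0.0.0:*       LISTEN
tcp        0      0 0.0.0.0:2049    0.0.0.0:*       LISTEN
tcp        0      0 0.0.0.0:6000    0.0.0.0:*       LISTEN
tcp        0      0 0.0.0.0:6001    0.0.0.0:*       LISTEN
tcp        0      0 10.0.0.5:1030   192.0.2.9:80    ESTABLISHED
udp        0      0 0.0.0.0:2049    0.0.0.0:*
udp        0      0 0.0.0.0:32771   0.0.0.0:*'

printf '%s\n' "$SAMPLE" | uncovered_high_ports
```

On the sample, the audit reports `tcp 6001` and `udp 32771`: a second X display listens on 6000+1, so a rule for port 6000 alone does not cover it. On a real host, pipe the output of `netstat -ln` into the function instead of the sample.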