Scott,
In short, this should not be advised, since a service/daemon could bind to
any port, including ports greater than 1024. There might be a few reasons
this has been widely practiced, possibly because of ftp, possibly because
it was assumed nothing is listening on these ports, etc.
The general rule of thumb is to deny everything, up to port 65535, any
protocol, any source, any destination. Then make explicit permits based
on your level of trust and definitions of your perimeter.
To add a level of granularity, focusing on return TCP traffic, with the
established bits set will add greater control.
--truman
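The policy described above, as an added ipchains example that is not code from the thread: default deny on every chain, explicit permits, and inbound TCP accepted only when it is not a SYN-only packet (`! -y`). It assumes the firewall host's own external interface is eth0, and RUN defaults to echo so the rules are printed rather than applied.

```shell
#!/bin/sh
# Default-deny ipchains ruleset for the firewall host itself (constructed example).
# Assumptions: external interface EXT_IF=eth0; forwarding/masquerading for a LAN
# behind the host is out of scope and stays at its default DENY.
# RUN defaults to "echo" so the rules are printed, not applied; set RUN="" and run
# as root on an ipchains (2.2) kernel to apply them.

EXT_IF="${EXT_IF:-eth0}"
RUN="${RUN:-echo}"

# Wrapper so every rule goes through the same dry-run switch.
ipc() { $RUN ipchains "$@"; }

build_rules() {
    # 1. Flush and default-deny every built-in chain. Nothing is "fair game":
    #    a listener on port 6000 is as reachable as one on port 25 unless denied.
    ipc -F
    ipc -P input DENY
    ipc -P output DENY
    ipc -P forward DENY

    # 2. Explicit permits. Loopback first.
    ipc -A input  -i lo -j ACCEPT
    ipc -A output -i lo -j ACCEPT

    # 3. The host may open TCP connections to anywhere ...
    ipc -A output -i "$EXT_IF" -p tcp -s 0/0 -d 0/0 -j ACCEPT
    # ... and the replies come back to a high local port. "! -y" matches only
    #     packets that are NOT pure SYN, so a new inbound connection attempt
    #     to a high port (SYN set) does not match and falls through to DENY.
    ipc -A input -i "$EXT_IF" -p tcp ! -y -s 0/0 -d 0/0 1024:65535 -j ACCEPT

    # 4. UDP has no SYN flag to key on, so permit only specific reply traffic,
    #    here DNS answers from port 53 back to a high local port.
    ipc -A output -i "$EXT_IF" -p udp -s 0/0 -d 0/0 53 -j ACCEPT
    ipc -A input  -i "$EXT_IF" -p udp -s 0/0 53 -d 0/0 1024:65535 -j ACCEPT

    # 5. Log (-l) anything left on the external input chain before the policy
    #    denies it; this is where blocked probes of high ports will show up.
    ipc -A input -i "$EXT_IF" -l -j DENY
}

build_rules
```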
On Wed, 20 Jun 2001, Scott H wrote:
> In many IPchains scripts I see ports above 1024 set to accept in-bound
> traffic on TCP and UDP. There is usually a comment to the effect of
> ports above 1024 are fair game. Could someone explain why this is
> considered to be ok? In my case I am using a linux firewall for my home
> network.
> _______________________________________________
> Firewalls mailing list
> [EMAIL PROTECTED]
> http://lists.gnac.net/mailman/listinfo/firewalls
>