> >ipchains -A input -j ACCEPT -y -p tcp -s 0.0.0.0/0 20 -d yourip 1024:65535
> 
> Um, why bother running the firewall then? This is also the same as -P input
> ACCEPT... you're allowing anyone to connect from their port 20 (easy enough
> to spoof) to your box on any port above 1023... not a great idea. Someone
> using NMap could scan all your upper ports easily.
> 
> Is it that hard to type PASSIVE?

Oops, daft error: I meant to say ports over 60000 (i.e. masq'd connections), and
I also run abacus sentry, which _should_ stop the scans.

      Tim Fletcher                  .~.
                                    /V\       L   I   N   U   X   
   [EMAIL PROTECTED]           // \\  >Don't fear the penguin<
                                  /(   )\
                                   ^^-^^

Catapultam habeo. Nisi pecuniam omnem mihi dabis, ad caput tuum saxum
immane mittam (For non-latiners: "I have a catapult. Give me all the
money, or I will fling an enormous rock at your head.")
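
The objection raised in the quoted reply, as an added example that is not part of the original thread: a small Python check that reads an ipchains rule and reports how many local ports it opens and whether the only condition on the sender is a source port. It handles only the options used in the rule above; `NARROWED` is a constructed rendering of the "ports over 60000" correction, and the function names are this example's own.

```python
import shlex

ANY_ADDR = {"0.0.0.0/0", "0/0"}
NAMES = {"-A": "chain", "-j": "target", "-p": "proto", "-s": "src", "-d": "dst"}

def port_range(spec):
    """Parse an ipchains port spec ('20', '1024:65535', '1024:') into (low, high)."""
    if ":" not in spec:
        return int(spec), int(spec)
    low, high = spec.split(":", 1)
    return int(low or 0), int(high or 65535)

def parse_rule(line):
    """Extract the fields the audit needs from one 'ipchains -A ...' line."""
    tok = shlex.split(line)
    rule = {"syn_only": False, "src_ports": None, "dst_ports": None}
    i = 1  # skip the 'ipchains' command name
    while i < len(tok):
        flag = tok[i]
        if flag == "-y":  # takes no argument
            rule["syn_only"] = True
            i += 1
            continue
        key = NAMES.get(flag, flag)
        rule[key] = tok[i + 1]
        i += 2
        # -s and -d take an optional port spec after the address
        if flag in ("-s", "-d") and i < len(tok) and not tok[i].startswith("-"):
            rule[key + "_ports"] = port_range(tok[i])
            i += 1
    return rule

def audit(line):
    r = parse_rule(line)
    accepts = r.get("chain") == "input" and r.get("target") == "ACCEPT"
    lo, hi = r["dst_ports"] or (0, 65535)
    return {
        "exposed_ports": hi - lo + 1 if accepts else 0,
        # -y narrows the match to connection-opening SYN packets
        "syn_only": r["syn_only"],
        # any source address plus a fixed source port: the sender picks that value
        "source_port_only": accepts and r.get("src") in ANY_ADDR and r["src_ports"] is not None,
    }

POSTED = "ipchains -A input -j ACCEPT -y -p tcp -s 0.0.0.0/0 20 -d yourip 1024:65535"
NARROWED = "ipchains -A input -j ACCEPT -y -p tcp -s 0.0.0.0/0 20 -d yourip 60000:65535"  # constructed

if __name__ == "__main__":
    print(audit(POSTED), audit(NARROWED), sep="\n")
```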
