Hello

On Friday 17 May 2002 10:44, Erik Pagel wrote:
> Hi Leonardo
>
> the random ports are icq-user who tries to make a direct
> connection with a icq-user behind your firewall.
> I think it's not advisable to allow direct connections because
> you need a direct connection to exchange files. This could lead
> to uncontrolled filetransfer from within and into your company
> and this is a serious security hole.
>
> Try something like this:
>
> iptables -A icq -p tcp --dport 5190 -d login.icq.com -j ACCEPT
> iptables -A icq -p tcp --dport 5190 -s login.icq.com -m state
> --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A icq -p tcp --dport 5190 -s icq.com ! --syn -i
                                         ^^^^^^^
Is this allowed? I thought iptables/netfilter does not make a DNS lookup.
Or did you mean: "look it up yourself and replace it"

greetings
Axel
ICQ UIN 26122543