Joon Guillen wrote:
> Thanks for the rules. BTW, is the -y flag equivalent to the --syn flag on
> iptables? Sorry I forgot :P
You're welcome. I adapted it from _Securing and Optimizing Linux_ freely from LDP. As for the -y flag, Gino's answered it already.

> > ipchains -A input -i $INTERNAL_INTERFACE -p tcp ! -y \
> >          -s $SMTP_SERVER 25 \
> >          -d $INTERNAL_IPADDR $UNPRIVPORTS -j ACCEPT

This is the provision for accepting responses from the mail server in the SMTP dialogue (HELO ..., 220 ..., FROM, etc.). The ! -y here is a safeguard against attackers that use port 25 to try to establish connections to your host's unprivileged ports. This assumes that you have a default policy of DENY somewhere in your rules. This rule is part of a ruleset which has a default policy of DENY and explicitly defines all the rules for the packets that a host expects to accept. It's painstaking. But it would make for tight security.

BTW you won't need the -i option anymore if you have only one network interface.

--
Benjamin Oris Jr.
ImagineAsia Digital Animation Studio
http://www.imagineasia.com
_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
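Added example, not code from the thread or from the LDP guide: a small Python model of how the quoted input rule behaves under a default policy of DENY. It evaluates the chain the way ipchains does (first matching rule wins, chain policy otherwise) and shows the point of `! -y`: a packet from the mail server's port 25 with the SYN bit set, i.e. an attempt to open a new connection into an unprivileged port, falls through to DENY, while the non-SYN replies of an established SMTP session are accepted. The addresses, the 40000 destination port, and the `Packet`/`Rule` classes are constructed placeholders standing in for `$SMTP_SERVER`, `$INTERNAL_IPADDR` and `$UNPRIVPORTS`; `-y` is modelled as "SYN set, ACK and FIN clear", which is also what iptables' `--syn` tests (with RST added).

```python
"""Toy model of the ipchains `input` chain discussed above (constructed example)."""
from dataclasses import dataclass
from typing import List, Optional

SMTP_SERVER = "192.0.2.25"        # constructed stand-in for $SMTP_SERVER
INTERNAL_IPADDR = "192.0.2.10"    # constructed stand-in for $INTERNAL_IPADDR
UNPRIVPORTS = range(1024, 65536)  # what $UNPRIVPORTS (1024:65535) expands to


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool              # SYN set with ACK/FIN clear: a new-connection request
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    target: str                        # -j ACCEPT / DENY
    proto: Optional[str] = None        # -p
    src: Optional[str] = None          # -s address
    sport: Optional[int] = None        # -s port
    dst: Optional[str] = None          # -d address
    dports: Optional[range] = None     # -d port range
    syn: Optional[bool] = None         # True: -y, False: ! -y, None: not tested

    def matches(self, p: Packet) -> bool:
        """Every specified field must match; unspecified fields are wildcards."""
        return all([
            self.proto is None or p.proto == self.proto,
            self.src is None or p.src == self.src,
            self.sport is None or p.sport == self.sport,
            self.dst is None or p.dst == self.dst,
            self.dports is None or p.dport in self.dports,
            self.syn is None or p.syn == self.syn,
        ])


def evaluate(chain: List[Rule], packet: Packet, policy: str = "DENY") -> str:
    """First matching rule wins, as in ipchains; otherwise the chain policy applies."""
    for rule in chain:
        if rule.matches(packet):
            return rule.target
    return policy


# The quoted rule, minus -i:
#   ipchains -A input -p tcp ! -y -s $SMTP_SERVER 25 -d $INTERNAL_IPADDR $UNPRIVPORTS -j ACCEPT
INPUT_CHAIN = [
    Rule(target="ACCEPT", proto="tcp", src=SMTP_SERVER, sport=25,
         dst=INTERNAL_IPADDR, dports=UNPRIVPORTS, syn=False),
]


def smtp_reply(dport: int = 40000) -> Packet:
    """A reply in an SMTP session the host opened: source port 25, SYN clear."""
    return Packet(SMTP_SERVER, 25, INTERNAL_IPADDR, dport, syn=False)


def connect_from_port_25(dport: int = 40000) -> Packet:
    """A new connection sourced from port 25 toward an unprivileged port: SYN set."""
    return Packet(SMTP_SERVER, 25, INTERNAL_IPADDR, dport, syn=True)


def decide(packet: Packet) -> str:
    return evaluate(INPUT_CHAIN, packet, policy="DENY")


if __name__ == "__main__":
    samples = [
        ("SMTP reply to unprivileged port", smtp_reply()),
        ("SYN from port 25 to unprivileged port", connect_from_port_25()),
        ("SMTP reply aimed at a privileged port", smtp_reply(dport=22)),
        ("reply from a different server port", Packet(SMTP_SERVER, 80, INTERNAL_IPADDR, 40000, syn=False)),
    ]
    for label, pkt in samples:
        print(f"{label}: {decide(pkt)}")
```

Dropping `! -y` from the rule (set `syn=None`) makes the second sample ACCEPT, which is exactly the hole the original rule closes; the default DENY policy is what makes the remaining samples fall through.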
