On Wed, 11 Oct 2000, Chris Harvey wrote:
> So are we supposed to leave 1024-65535 open for INPUT? Or do you close them
> down?
>
You set them so they only accept replies to outgoing connections. Here is
one setup that allows connection to a remote time server. 64.34.45.209 is
the IP of the firewall machine.
#
# Open the firewall for the time server.
#
ipchains -I output -i eth0 -p tcp \
-s 64.34.45.209 1024:65535 \
--destination-port 13 -j ACCEPT
ipchains -I input -i eth0 -p tcp ! -y \
--source-port 13 \
-d 64.34.45.209 1024:65535 -j ACCEPT
Mikkel
--
Do not meddle in the affairs of dragons,
for you are crunchy and taste good with ketchup.
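
Added example (not part of the original post): a small Python model of the two ipchains rules above, run over constructed packets, showing that `! -y` admits replies from port 13 while refusing new inbound connections. The time-server address 192.0.2.10, the default DENY policy and the helper names are assumptions; the `-i eth0` interface match is not modelled.

```python
from dataclasses import dataclass

FIREWALL_IP = "64.34.45.209"       # firewall address used in the post
TIME_SERVER = "192.0.2.10"         # constructed sample address (documentation range)
HIGH_PORTS = range(1024, 65536)    # 1024:65535
DAYTIME_PORT = 13

@dataclass(frozen=True)
class TcpPacket:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset               # e.g. frozenset({"SYN", "ACK"})

def is_syn(pkt):
    # ipchains -y: SYN set, ACK and FIN cleared, i.e. a connection request.
    return "SYN" in pkt.flags and not (pkt.flags & {"ACK", "FIN"})

def output_rule(pkt):
    # -s 64.34.45.209 1024:65535 --destination-port 13 (any destination host)
    return (pkt.src == FIREWALL_IP and pkt.sport in HIGH_PORTS
            and pkt.dport == DAYTIME_PORT)

def input_rule(pkt):
    # ! -y --source-port 13 -d 64.34.45.209 1024:65535 (any source host)
    return (not is_syn(pkt) and pkt.sport == DAYTIME_PORT
            and pkt.dst == FIREWALL_IP and pkt.dport in HIGH_PORTS)

def verdict(rule, pkt, policy="DENY"):
    # Assumed: the chain's default policy is DENY when the rule does not match.
    return "ACCEPT" if rule(pkt) else policy

def make(src, sport, dst, dport, *flags):
    return TcpPacket(src, sport, dst, dport, frozenset(flags))

# Constructed sample packets, each paired with the chain rule it would hit.
SAMPLES = {
    "out SYN to port 13":    (output_rule, make(FIREWALL_IP, 40000, TIME_SERVER, 13, "SYN")),
    "in SYN-ACK reply":      (input_rule, make(TIME_SERVER, 13, FIREWALL_IP, 40000, "SYN", "ACK")),
    "in new SYN from :13":   (input_rule, make(TIME_SERVER, 13, FIREWALL_IP, 40000, "SYN")),
    "in reply to low port":  (input_rule, make(TIME_SERVER, 13, FIREWALL_IP, 22, "SYN", "ACK")),
    "in reply from port 80": (input_rule, make(TIME_SERVER, 80, FIREWALL_IP, 40000, "ACK")),
}

def evaluate():
    return {name: verdict(rule, p) for name, (rule, p) in SAMPLES.items()}

if __name__ == "__main__":
    for name, result in evaluate().items():
        print(f"{result:6}  {name}")
```

The match is stateless: the input rule decides from flags, ports and addresses alone and does not check that the firewall machine actually opened the connection.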