Dan, this got me thinking.... I realize you may not have the 
answer, but someone here might.

Suppose someone has a High-Bandwidth connection, DSL or Cable,
and wants to run services, such as httpd.  They also have
an ISP who has one of the "no-services" policies.  If you
use ipchains to block the IPs assigned to your provider,
could you "Mask" those services from any port scanning
software that the ISP might be using?  IOW, could you arrange
that the only way the ISP would be able to detect the
service was to either use a packet sniffer, or to go outside
the native IPs of the ISP and sniff from outside the ISP?

That's a bit.... unethical, I guess...  but it seems like
an easy way of getting around some of the restrictions
that ISPs put on server machines.

Bill Ward

-----Original Message-----
From: Dan Browning [mailto:[EMAIL PROTECTED]]
Sent: Saturday, October 14, 2000 12:24 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: Thanks & port 80 filtering by IP


Woo hoo!

Thanks again to Chad M. Stewart, he's solved my (retarded) problem!  I will
write on the chalkboard three hundred times:

ipchains uses the first rule that matches
ipchains uses the first rule that matches
ipchains uses the first rule that matches
ipchains uses the first rule that matches
ipchains uses the first rule that matches
...

All I had to do was reverse the order of my code, like the following.  Now I
have an awesome firewall.  If anyone was wondering why I would want to do
such an allow thing, it happens to have something to do with AT&T's @Home
cable restrictions.  (e.g. you are not allowed to run an HTTP server or FTP
server).



_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
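
Added example, not part of the original thread and not Dan's actual rules (those are not shown on the page): a simplified Python model of the first-match behaviour described above, with a check that flags rules made unreachable by an earlier, broader rule. The `Rule` fields, the helper names and the sample chains are assumptions constructed for illustration; real ipchains rules carry more match criteria.

```python
import ipaddress
from typing import List, NamedTuple, Optional

class Rule(NamedTuple):
    src: str              # source network, CIDR notation
    dport: Optional[int]  # destination TCP port, None means any port
    target: str           # "ACCEPT" or "DENY"

def matches(rule: Rule, src_ip: str, dport: int) -> bool:
    in_net = ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.src)
    return in_net and rule.dport in (None, dport)

def evaluate(chain: List[Rule], src_ip: str, dport: int,
             policy: str = "ACCEPT") -> str:
    """Walk the chain top to bottom; the first matching rule decides."""
    for rule in chain:
        if matches(rule, src_ip, dport):
            return rule.target
    return policy  # nothing matched: the chain's default policy applies

def shadowed(chain: List[Rule]) -> List[int]:
    """Indexes of rules that can never fire because a single earlier
    rule already matches every packet they would match."""
    dead = []
    for i, later in enumerate(chain):
        later_net = ipaddress.ip_network(later.src)
        for earlier in chain[:i]:
            covers_net = later_net.subnet_of(ipaddress.ip_network(earlier.src))
            covers_port = earlier.dport is None or earlier.dport == later.dport
            if covers_net and covers_port:
                dead.append(i)
                break
    return dead

# Constructed sample rules using documentation address ranges.
ALLOW = Rule("198.51.100.0/24", 80, "ACCEPT")
BLOCK = Rule("0.0.0.0/0", 80, "DENY")
BROKEN = [BLOCK, ALLOW]  # broad DENY first: the ACCEPT is never reached
FIXED = [ALLOW, BLOCK]   # specific ACCEPT first, then the catch-all DENY

if __name__ == "__main__":
    for name, chain in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, evaluate(chain, "198.51.100.7", 80),
              "unreachable rules:", shadowed(chain))
```

Running `shadowed()` over a rule list before loading it catches this ordering mistake without having to test traffic against the live firewall.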
