Re: ipfwadm rule
Hi, There is a modular firewall shell-script called gmmf that should do what you are after. It's pretty simple to set up, and denies all ports by default, and requires you to open any specific ports you want to use. Have a search on http://freshmeat.net for gmmf to find it. Cheers, damon On Fri, Oct 29, 1999 at 08:41:37PM +0200, Pere Camps was heard to state: Hi! set your default policies to DENY (instead of ACCEPT) and try again ..everything will be blocked except what you specifically state should be allowed in (dont try this from remote! you may lose access to the machine) I've already tried that way, but it doesn't work out the way I like it. -- p. -- Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] /dev/null -- Damon Muller ([EMAIL PROTECTED]) / It's not a sense of humor. * Criminologist / It's a sense of irony * Webmeister / disguised as one. * Linux Geek / - Bruce Sterling
ipfwadm rule
Hi! I'm trying to set up my home box (connected via PPP to the internet to do the following): a) Deny everything incoming (tcp,udp,icmp) b) Accept only DNS udp connections c) Accept incoming tcp data for only the connections that I have initiated. So far I've got this working: a) no problem b) I accept udp connections from the domain port to the 1024:65535 c) I accept tcp connections from any port that's below 1024 Problems: c) They can still telnet me if doin'g it as root. The same for b). Does anybody know the right ipfwadm rule for what I want and even if this setup is possible? TIA! -- p.
Re: ipfwadm rule
set your default policies to DENY (instead of ACCEPT) and try again ..everything will be blocked except what you specifically state should be allowed in (dont try this from remote! you may lose access to the machine) (use ipfwadm -p DENY) nate [mailto:[EMAIL PROTECTED] ]-- Vice President Network Operations http://www.firetrail.com/ Firetrail Internet Services Limited http://www.aphroland.org/ Everett, WA 425-348-7336http://www.linuxpowered.net/ Powered By:http://comedy.aphroland.org/ Debian 2.1 Linux 2.0.36 SMPhttp://yahoo.aphroland.org/ -[mailto:[EMAIL PROTECTED] ]-- On Fri, 29 Oct 1999, Pere Camps wrote: Hi! I'm trying to set up my home box (connected via PPP to the internet to do the following): a) Deny everything incoming (tcp,udp,icmp) b) Accept only DNS udp connections c) Accept incoming tcp data for only the connections that I have initiated. So far I've got this working: a) no problem b) I accept udp connections from the domain port to the 1024:65535 c) I accept tcp connections from any port that's below 1024 Problems: c) They can still telnet me if doin'g it as root. The same for b). Does anybody know the right ipfwadm rule for what I want and even if this setup is possible? TIA! -- p. -- Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] /dev/null
Re: ipfwadm rule
Hi! set your default policies to DENY (instead of ACCEPT) and try again ..everything will be blocked except what you specifically state should be allowed in (dont try this from remote! you may lose access to the machine) I've already tried that way, but it doesn't work out the way I like it. -- p.
ipfwadm rule
Hi! Finally I got the question from my previous message working. I had to deny only the packets with the SYN set. -- p.