Jack Bowling wrote:

> Try the following lines instead of the above:
>
> #FTP Data fix
> $IPT  -A INPUT -p tcp --sport 20 --dport 1023:65535 ! --syn -m state --state RELATED -j ACCEPT
> $IPT  -A INPUT -p tcp -m state --state ESTABLISHED -j ACCEPT
> $IPT  -A INPUT -p udp -s 0/0 -d $NET --dport 1023:65535 -j ACCEPT

This would be a BAD idea.  It's letting ANY udp packet destined for a high port
through by the looks of it.

I'd prefer to have things working the way they should than open up holes in my
firewall.


Thanks for the suggestion though.


Jon

--
Jonathan Benson
Systems Administrator
Ocean Internet
http://www.ocean.com.au/





_______________________________________________
Seawolf-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/seawolf-list
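
The concern raised in the reply above, as an added example that is not part of the original thread: a small shell check that reads iptables rule lines and flags any that ACCEPT UDP to a wide destination-port range without a state match. The function names, the MAX_SPAN threshold and the last two sample rules are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag ACCEPT rules that admit UDP to a wide destination-port
# range with no connection-state match. MAX_SPAN is an assumed threshold.
# Negated matches ("! --dport") are not interpreted.
MAX_SPAN=${MAX_SPAN:-100}

flag_broad_udp() {
    awk -v max="$MAX_SPAN" '
    {
        proto = ""; target = ""; dport = ""; stateful = 0
        for (i = 1; i < NF; i++) {
            if ($i == "-p" || $i == "--protocol") proto = tolower($(i + 1))
            else if ($i == "-j" || $i == "--jump") target = $(i + 1)
            else if ($i == "--dport" || $i == "--destination-port") dport = $(i + 1)
            else if ($i == "--state" || $i == "--ctstate") stateful = 1
        }
        if (proto != "udp" || target != "ACCEPT" || stateful) next
        lo = 0; hi = 65535            # no --dport at all means every port
        if (dport != "") {
            n = split(dport, r, ":")
            lo = r[1] + 0             # ":1023" leaves the low end at 0
            hi = lo                   # single port unless a range follows
            if (n == 2) hi = (r[2] == "") ? 65535 : r[2] + 0
        }
        if (hi - lo + 1 > max) print NR ": " $0
    }'
}

# First two rules are quoted from the thread; the last two are constructed.
sample_rules() {
    cat <<'EOF'
$IPT -A INPUT -p tcp -m state --state ESTABLISHED -j ACCEPT
$IPT -A INPUT -p udp -s 0/0 -d $NET --dport 1023:65535 -j ACCEPT
$IPT -A INPUT -p udp -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -p udp --dport 53 -j ACCEPT
EOF
}

# Prints only rule 2, the blanket high-port UDP accept.
sample_rules | flag_broad_udp
```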
