Hello, everyone. I'm hoping to set up an effective packet-filtering
scheme which utilizes iptables on a Debian Linux machine. I've been
experimenting with it for quite a while, and I decided to see what the
following command would do:
iptables -t filter -P INPUT DROP
This prevents all incoming packets. If the default policy is DROP, then
in order to do an ssh from one of my internal machines I need to:
iptables -t filter -A INPUT -p tcp --sport 22 -j ACCEPT
Which allows incoming TCP connections on port 22, allowing the ssh
communication to work.
Here's my question. How can I configure this machine to dynamically open
the ports necessary for users? Some of the users in here like to listen
to realaudio streams while some like to use the Instant Messenger client
software. Are there specific configurations that will be necessary for
each individual application, or is there some way to configure the
machine to automatically open ports requested by users' apps?
Any corrections to my (mis)understandings of firewalls are welcome; I
only request politeness. ;)
Take care,
Garrett
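
The two commands quoted in the post, modeled as a first-match walk of the filter table's INPUT chain, to show which incoming packets each one matches. This is an added example, not part of the original post; the packet values are constructed, and the model assumes only the -P, -A, -p, --sport, --dport and -j options.

```python
import shlex

# Options of an -A rule that this model understands (an assumption of the example).
MATCH_FLAGS = (("-p", "proto"), ("--sport", "sport"), ("--dport", "dport"))

def load_input_chain(commands):
    """Parse iptables command lines into (default_policy, ordered_rules)."""
    policy, rules = "ACCEPT", []          # built-in chains start with policy ACCEPT
    for cmd in commands:
        tok = shlex.split(cmd)[1:]        # drop the leading "iptables"
        if "-P" in tok and tok[tok.index("-P") + 1] == "INPUT":
            policy = tok[tok.index("-P") + 2]
        elif "-A" in tok and tok[tok.index("-A") + 1] == "INPUT":
            rule = {"target": tok[tok.index("-j") + 1]}
            for flag, key in MATCH_FLAGS:
                if flag in tok:
                    rule[key] = tok[tok.index(flag) + 1]
            rules.append(rule)
    return policy, rules

def verdict(chain, packet):
    """Return the target of the first rule whose every match equals the packet."""
    policy, rules = chain
    for rule in rules:
        matches = {k: v for k, v in rule.items() if k != "target"}
        if all(str(packet[k]) == v for k, v in matches.items()):
            return rule["target"]
    return policy                         # nothing matched: default policy applies

# The two commands exactly as they appear in the post.
POSTED = [
    "iptables -t filter -P INPUT DROP",
    "iptables -t filter -A INPUT -p tcp --sport 22 -j ACCEPT",
]

# Constructed sample packets arriving on INPUT.
SAMPLES = {
    "reply from a remote sshd": {"proto": "tcp", "sport": 22, "dport": 40112},
    "new connection to local sshd": {"proto": "tcp", "sport": 51514, "dport": 22},
    "reply from a remote web server": {"proto": "tcp", "sport": 80, "dport": 40113},
    "udp datagram from port 22": {"proto": "udp", "sport": 22, "dport": 40114},
}

if __name__ == "__main__":
    chain = load_input_chain(POSTED)
    for name, pkt in SAMPLES.items():
        print(f"{verdict(chain, pkt):6}  {name}")
```
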