used [Thanks, Solved]
Reply-To:
In-Reply-To: <[EMAIL PROTECTED]>
X-Operating-System: GNU/Linux on a i686
Tom Eastep <[EMAIL PROTECTED]> wrote:
| mess-mate wrote:
| > Tom Eastep <[EMAIL PROTECTED]> wrote:
| > | mess-mate wrote:
| > | > Tom Eastep <[EMAIL PROTECTED]> wrote:
| > | > | mess-mate wrote:
| > | > | > Is there a way to setup the rules for closing all not used ports
| > | > | > explicitly manually ?
| > | > | > As for example in the policy at the end:
| > | > | > # THE FOLLOWING POLICY MUST BE LAST
| > | > | > all all
| > | > |
| > | > | That's exactly what that policy is intended to do.
| > | > |
| > | > Ok, so if i set it to:
| > | > all all DROP
| > | > DROP=ignore, isn't it? Why are these ports responded to as 'closed' ?
| > | >
| > | > If i set for example in the rules:
| > | > DROP net fw tcp 0:60
| > | > all these ports do not respond, here the 'ignore' works.
| > |
| > | What is your entire policy file?
| > |
| > loc net ACCEPT
| > loc dmz ACCEPT
| > loc $FW ACCEPT
| > loc rtr ACCEPT
| > loc all DROP info
| > $FW net ACCEPT
| > $FW dmz ACCEPT
| > $FW loc ACCEPT
| > $FW all DROP info
| > dmz net ACCEPT
| > dmz $FW ACCEPT
| > dmz loc DROP info
| > dmz all DROP info
| > net dmz ACCEPT
| > net $FW ACCEPT
|
| The above two policies are a security disaster. They make your firewall and
| your DMZ wide open to attack from the net.
|
BRRRRR.. thanks Tom, changed immediately.
Only port 80 is open for accessing the webserver in the dmz.
mess-mate
--
Don't worry. Life's too long.
-- Vincent Sardi, Jr.
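The point Tom makes above (a net-to-dmz or net-to-$FW ACCEPT policy exposes every port of that zone to the internet) is easy to check mechanically. The following is an added example, not code from the thread or from the Shorewall project: a small parser for the policy table in the format quoted in the thread (SOURCE DEST POLICY [LOG LEVEL]) plus an audit that flags any ACCEPT policy whose source is the untrusted `net` zone (or `all`, which includes it) and a missing final `all all` catch-all. The posted policy is embedded as the first sample; the "corrected" policy and the one-line rules table are assumptions modelled on the poster's follow-up (default deny from `net`, only tcp/80 to the DMZ web server), using the ACTION SOURCE DEST PROTO DPORT column order shown in the thread.

```python
"""Audit a Shorewall-style policy table for policies that are open from the net.

Added example (not part of the original thread or of Shorewall). The parser
handles the textual format quoted in the thread; it is not Shorewall's own
compiler and does not model zone nesting or other Shorewall features.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Policy:
    source: str
    dest: str
    action: str
    log_level: Optional[str] = None


def parse_policy(text: str) -> List[Policy]:
    """Parse SOURCE DEST POLICY [LOG LEVEL] lines; '#' comments and blank lines are skipped."""
    policies = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3:
            raise ValueError(f"malformed policy line: {raw!r}")
        log_level = fields[3] if len(fields) > 3 else None
        policies.append(Policy(fields[0], fields[1], fields[2].upper(), log_level))
    return policies


UNTRUSTED_ZONES = {"net"}  # assumption: 'net' is the only internet-facing zone


def audit(policies: List[Policy]) -> List[str]:
    """Return human-readable findings for an unsafe policy table.

    An ACCEPT policy whose source is an untrusted zone (or 'all') opens every
    port of the destination zone to the internet; explicit port openings
    belong in the rules file instead.  The table must also end with the
    'all all' catch-all that Shorewall requires to be last.
    """
    findings = []
    for p in policies:
        if p.action == "ACCEPT" and (p.source in UNTRUSTED_ZONES or p.source == "all"):
            findings.append(
                f"{p.source} -> {p.dest} is ACCEPT: every port in {p.dest} is reachable "
                "from the internet; use DROP/REJECT here and open ports in the rules file"
            )
    if not policies or (policies[-1].source, policies[-1].dest) != ("all", "all"):
        findings.append("table does not end with the required 'all all' catch-all policy")
    return findings


def explicit_openings(rules_text: str, source: str = "net") -> List[Tuple[str, str, str]]:
    """From ACTION SOURCE DEST PROTO DPORT lines (the syntax used in the thread),
    return (dest, proto, dport) for every ACCEPT rule whose source is `source`."""
    openings = []
    for raw in rules_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) >= 5 and fields[0].upper() == "ACCEPT" and fields[1] == source:
            openings.append((fields[2], fields[3], fields[4]))
    return openings


# Sample 1: the policy table as posted in the thread.
POSTED_POLICY = """
loc net ACCEPT
loc dmz ACCEPT
loc $FW ACCEPT
loc rtr ACCEPT
loc all DROP info
$FW net ACCEPT
$FW dmz ACCEPT
$FW loc ACCEPT
$FW all DROP info
dmz net ACCEPT
dmz $FW ACCEPT
dmz loc DROP info
dmz all DROP info
net dmz ACCEPT
net $FW ACCEPT
"""

# Sample 2 (constructed, an assumption): the same table with the two
# net-sourced ACCEPT policies replaced by default-deny plus the catch-all.
CORRECTED_POLICY = POSTED_POLICY.replace(
    "net dmz ACCEPT\nnet $FW ACCEPT\n",
    "net all DROP info\n# THE FOLLOWING POLICY MUST BE LAST\nall all DROP info\n",
)

# Sample 3 (constructed, an assumption): the single explicit opening the
# poster described, in the ACTION SOURCE DEST PROTO DPORT form from the thread.
CORRECTED_RULES = "ACCEPT net dmz tcp 80\n"


if __name__ == "__main__":
    for name, text in (("posted", POSTED_POLICY), ("corrected", CORRECTED_POLICY)):
        print(f"{name}: {audit(parse_policy(text)) or 'no findings'}")
    print("explicit openings from net:", explicit_openings(CORRECTED_RULES))
```

Run against the posted table the audit reports the two net-sourced ACCEPT policies and the missing catch-all; against the corrected table it reports nothing, and the only thing reachable from `net` is what the rules file explicitly lists (tcp/80 into the DMZ).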
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users