<quote who="Simon Wong">
> Is it "right" (secure) that any user initiated connections e.g. icq are
> allowed through as they are connecting in response to an internal
> request?
That's a basic stateful setup, so yes, it's okay. Other networks may require
more stringent rules, however. :)
> However, if I wanted to explicitly block ports always, what would I have
> to do?
Not sure what you'd have to do within the context of your firewall building
software, but:
iptables -A INPUT -p tcp -d $ipaddress/$netmask --dport 22 -j DROP
would stop you from ssh'ing in to your machine... Probably not a good idea,
but it's a good example. ;)
- Jeff
--
What do you get when you cross a web server and a hen?
Apoache.
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
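
Added example, not part of the original message or of any firewall-building tool mentioned in the thread: a shell sketch that emits an iptables-restore ruleset combining the stateful setup discussed above with explicit "always drop" ports. Rules are matched top to bottom and the first match wins, so the drops are placed ahead of the ESTABLISHED,RELATED accept. The function names, the address 192.0.2.10 and the ports are constructed for illustration.

```shell
#!/bin/sh
# Added example: build a stateful INPUT ruleset with explicit always-drop
# TCP ports. Address and ports below are constructed sample values.

# valid_port N -> succeeds only if N is an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# build_ruleset DEST PORT... -> prints iptables-restore text, fails on a bad port
build_ruleset() {
    dest=$1; shift
    for p in "$@"; do
        valid_port "$p" || { echo "bad port: $p" >&2; return 1; }
    done
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    # Explicit drops first, so no later ACCEPT rule can shadow them.
    for p in "$@"; do
        echo "-A INPUT -p tcp -d $dest --dport $p -j DROP"
    done
    # Stateful part: replies to connections opened from inside are accepted.
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    echo 'COMMIT'
}

# rule_line RULESET PATTERN -> line number of the first line containing PATTERN
rule_line() {
    printf '%s\n' "$1" | grep -n -F -- "$2" | head -n 1 | cut -d: -f1
}

# Print the sample ruleset. To syntax-check it as root without loading it:
#   build_ruleset 192.0.2.10 22 | iptables-restore --test
build_ruleset 192.0.2.10 22 23
```

Appending a DROP with -A to a chain that already contains an earlier ACCEPT for the same traffic has no effect, which is why the ordering is generated rather than appended rule by rule.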