At 12:48 am, Sunday, March 23 2003, t mumbled:
> iptables -A OUTPUT -p tcp -o eth0 --dport 5100 -j ACCEPT
> iptables -A OUTPUT -p udp -o eth0 --dport 5100 -j ACCEPT
> iptables -A OUTPUT -p tcp -o eth0 --sport 5100 -j ACCEPT
> iptables -A OUTPUT -p udp -o eth0 --sport 5100 -j ACCEPT
> iptables -A INPUT -p tcp --dport 5100 -j ACCEPT
> iptables -A INPUT -p udp --dport 5100 -j ACCEPT
> iptables -A INPUT -p tcp --sport 5100 -j ACCEPT
> iptables -A INPUT -p udp --sport 5100 -j ACCEPT
>
Personally, I wouldn't do that. I have a Linux firewall with iptables, and
my 2 sisters connect to MSN Messenger just fine, and I haven't allowed any
special ports inbound. What I do is use connection tracking, like so:
iptables -A INPUT -i ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -o ppp0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
Stateful firewall inspection, like that above, is much better than opening
up ports in the config, like you had to do with ipchains.
Cheers,
--
Steve
> Whatever happened to all the Debian evangelists?
I ate them.
-- Andrew Suffield
--
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
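The stateful approach Steve describes, as an added example that is not part of the original thread: a POSIX shell script that generates an iptables-restore ruleset built on connection tracking, plus a small audit function that flags the pattern he argues against (INPUT/FORWARD ACCEPT rules keyed on a port with no state match). Assumptions: the external interface name ppp0 is taken from Steve's rules and the rest of the layout (DROP policies, an INVALID drop, a LAN-side FORWARD rule) is constructed; the script only emits text and must be loaded by root with iptables-restore after review; the sample rules fed to the audit are the eight quoted at the top of the thread.

```shell
#!/bin/sh
# Added example, not code from the original thread. Generates an iptables-restore
# ruleset that relies on connection tracking (as in Steve's reply) and audits a
# ruleset for ACCEPT rules keyed on a port with no state match.
# Assumptions: external interface defaults to ppp0 (from Steve's rules);
# nothing here touches the kernel, so it runs unprivileged.

# Emit a minimal stateful ruleset in iptables-restore format.
# Usage (as root, after review):  gen_stateful_rules ppp0 | iptables-restore
gen_stateful_rules() {
    wan="${1:-ppp0}"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback is always fine
-A INPUT -i lo -j ACCEPT
# inbound on the WAN: only packets belonging to a connection we already track
-A INPUT -i $wan -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i $wan -m state --state INVALID -j DROP
# LAN hosts may open new connections out; only tracked replies are forwarded back in
-A FORWARD -o $wan -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i $wan -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Read rules (iptables command lines or iptables-restore lines) on stdin.
# Print each INPUT/FORWARD ACCEPT rule that matches on --sport/--dport but
# carries no --state/--ctstate match to stderr, and the count to stdout.
# Such rules admit any packet carrying the right port number whether or not
# a connection exists, which is exactly what connection tracking avoids.
audit_rules() {
    awk '
        /(^| )-A (INPUT|FORWARD) / && /-j ACCEPT/ && /--[sd]port/ && !/--(state|ctstate)/ {
            n++
            print "stateless port rule: " $0 > "/dev/stderr"
        }
        END { print n + 0 }
    '
}

# Constructed sample: the eight rules quoted at the top of the thread.
SAMPLE_PORT_RULES='iptables -A OUTPUT -p tcp -o eth0 --dport 5100 -j ACCEPT
iptables -A OUTPUT -p udp -o eth0 --dport 5100 -j ACCEPT
iptables -A OUTPUT -p tcp -o eth0 --sport 5100 -j ACCEPT
iptables -A OUTPUT -p udp -o eth0 --sport 5100 -j ACCEPT
iptables -A INPUT -p tcp --dport 5100 -j ACCEPT
iptables -A INPUT -p udp --dport 5100 -j ACCEPT
iptables -A INPUT -p tcp --sport 5100 -j ACCEPT
iptables -A INPUT -p udp --sport 5100 -j ACCEPT'

echo "port-based ruleset: $(printf '%s\n' "$SAMPLE_PORT_RULES" | audit_rules 2>/dev/null) stateless port rule(s)"
echo "stateful ruleset:   $(gen_stateful_rules ppp0 | audit_rules 2>/dev/null) stateless port rule(s)"
```

The audit counts four stateless port rules in the quoted set (the four INPUT lines; OUTPUT is not checked) and none in the generated ruleset. The OUTPUT policy stays ACCEPT, matching the message's focus on inbound traffic. On current iptables the equivalent match is `-m conntrack --ctstate`; `-m state` is still accepted as an alias, and the audit recognises both spellings.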