Re: [LUG] Firewall Rules

[kevin bailey <kbailey@xxxxxxxxxxxxxxxxxxx>]

hi kai,

out of curiosity - why don't you set the default policy for the INPUT 
chain to DROP?  This is surely a bit neater than having the final DROP 
line in the 'block' chain,

kev bailey

Kai Hendry wrote:

> On Sat, Feb 08, 2003 at 11:34:09 +0000, Ray Smith wrote:
>  
>
> > Should I set up additional port protection and where should I look for a
> > list ?
> >    
>
> bilbo:/home/hendry# iptables -L
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
> block      all  --  anywhere             anywhere
>
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
> block      all  --  anywhere             anywhere
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
>
> Chain block (2 references)
> target     prot opt source               destination
> ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:www
> ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:ircd
> ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:2234
> ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:ssh
> ACCEPT     all  --  anywhere             anywhere           state
> RELATED,ESTABLISHED
> ACCEPT     all  --  anywhere             anywhere           state NEW
> DROP       all  --  anywhere             anywhere
>
>
> I block all ports except www, ircd(bitlbee), 2234(Soulseek) and ssh.
>
> A list? Try /etc/services
>
> -Kai
>
> --
> The Mailing List for the Devon & Cornwall LUG
> Mail majordomo@xxxxxxxxxxxx with "unsubscribe list" in the
> message body to unsubscribe.
>  



--
The Mailing List for the Devon & Cornwall LUG
Mail majordomo@xxxxxxxxxxxx with "unsubscribe list" in the
message body to unsubscribe.