On Sun, Jun 27, 1999 at 01:14:15AM +0100, Ruairi Newman wrote:
>> Just a quick security question for you all.
>> What do you think would be the best method, in terms of both
> administration time as well as security and stability, to lock down
> individual tcp ports? i.e. The ports opened by the KPilot daemon,
> which I have had running since 2 hours after Kate mentioned it on the
> list on Friday (btw, thanks Kate, I'd been looking for something like
> that).
Ipfwadm is your friend. Man ipfw and ipfwadm
# ipfwadm -I -f # flush input rules
# ipfwadm -I -p accept # default input rule is to accept
# ipfwadm -I -a reject -P tcp -S 0.0.0.0/0 -D my.ip.3.4 6666
The last rule blocks packets from anywhere (0.0.0.0/0) to
port 6666 on your machine. If you use 'reject' an ICMP 'host
administratively unreachable' is sent back. If you use 'deny'
no ICMP response is sent.
Kenn
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
