From: kevin lyda (kevin at domain suberic.net)
Date: Fri 28 Jul 2000 - 17:27:42 IST

On Fri, Jul 28, 2000 at 04:59:42PM +0100, Martin Feeney wrote:
> ## allow ssh on ppp0
> #/sbin/ipchains -A input -j ACCEPT -i ppp0 -d <ip of ppp0>/32 22 -p tcp

dynamic ip? i'd need to do that for any other services on ppp0 as well,
yes. and the deny stops ftp from working (except via pasv)?

> ## block outgoing SMB
> #/sbin/ipchains -A input -j DENY -d 0/0 137 -s <internalnetwork/mask> -p udp -l

ah, no windows boxes, don't need that. ah...

> on top of that I'd set hosts.deny to ALL:PARANOID and try to get mysql to
> only listen on the address(es) of eth*. Also I'd remove all trace of tftp
> and exorcise my machine afterward unless there is a _REALLY_ desperate
> need for it. I'd also kill all rsh/rlogin/etc. servers.

i need tftp and i need rsh. i like this command:

    tar zcf - dir|rsh inle 'cd newdir;tar zxf -'

it saves me from going out and buying a 100mb hub plus cards. the deny
command would close all that up anyway, right?

-- kevin at domain suberic.net nothing witty here. fork()'ed on 37058400 meatspace place: work
This archive was generated by hypermail 2.1.6 : Thu 06 Feb 2003 - 13:07:01 GMT