Ipchains Woes

Craig White plug-discuss@lists.plug.phoenix.az.us
26 Feb 2002 09:01:18 -0700


On Tue, 2002-02-26 at 07:06, David A. Sinck wrote:
> 
> 
> \_ ipchains -A input -i eth1 -p ! -y --dport 1025:65535 -j ACCEPT
> 
> ipchains have been a while, but doesn't -p require an argument like
> 'tcp' or 'udp'?  That feels like a tcp rule.
> 
---
sounds right to me
---
> \_ That is interesting in itself.  My Static ip is 24.221.xx.xx
> 
> <aside>
> Does it make anyone else nervous this thread:
> 
> --> my firewall doesn't work
> --> I seem to currently only get it to work when it's wide open
> --> my internal IPs are
> --> my external IP is
> 
> To me, it *seems* like an invitation for malcontents to portscan your
> box so far that you'll have to get clearance from Customs to bring it
> back in.  
> 
> It's nice that you're trusting and all, but there are some
> ne'er-do-wells out there and google crawls the list archives
> occasionally.
> </aside>
> 
---
I suppose if we help him - then it's a good thing and I personally found
that I had to wipe and start over a few times to undo some of the damage
I did as a newbie anyway. The biggest problem here is that he will want
to go to 2.4 kernel and most of what is learned in ipchains will have
gone by the wayside.

Craig