Ipchains Woes
Steve Holmes
plug-discuss@lists.plug.phoenix.az.us
Wed, 27 Feb 2002 22:03:49 -0700 (MST)
More developments. I took the same script I put in a previous message and
added the line:
ipchains -A input -p udp --dport 1024:65535 -j ACCEPT
Now everything seems to work from the inside point of view.
One question now: that sounds awfully wide open to me. I'm not familiar
enough with a complete map of tcp and udp ports to know what is safe to
have open and which should be closed. The obvious ones, I don't allow in
unless I specifically want them like ftp, telnet, ssh, mail(25), pop3,
imap, etc. I understand them well but these upper ports are more unknown
to me. I open them up and I get responses from DNS lookups and the other
stuff works.
Does this all make sense? Should I pare down the upper ports?
In summary, the script that opens things up is as follows:
ipchains -A input -p tcp ! -y --dport 1024:65535 -j ACCEPT
ipchains -A input -p udp --dport 1024:65535 -j ACCEPT
(Assuming no typos here).
Appreciate the help thus far; we're getting there. Once I get this
finally worked out, I'm gonna stick this into the endoshield script which
has a lot of neat options and that script will work with ipchains and
iptables when I go to iptables later on.
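An added illustration, not from this post or its author, of why the two upper-port rules read as wide open: ipchains judges each inbound packet on its own header, so any UDP datagram (or non-SYN TCP segment) aimed at a port above 1023 gets in, whereas tracking outbound flows, which is what iptables connection tracking does, admits only replies. The packet model, the rule evaluators and the addresses are constructed for the example.

```python
"""Stateless (ipchains-style) vs flow-tracking input policy, modelled
on the two rules quoted in the message above. Simplified model, not
ipchains or iptables code; addresses are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str          # "udp" or "tcp"
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # TCP SYN flag; ignored for udp


def stateless_input_policy(pkt: Packet) -> str:
    """Models the two posted rules: accept to 1024:65535 based on the
    packet header alone (tcp only when it is not a SYN, i.e. '! -y')."""
    high_port = 1024 <= pkt.dport <= 65535
    if pkt.proto == "udp" and high_port:
        return "ACCEPT"
    if pkt.proto == "tcp" and not pkt.syn and high_port:
        return "ACCEPT"
    return "DENY"


class StatefulFilter:
    """Accept an inbound packet only if it answers a flow we opened."""

    def __init__(self) -> None:
        # (proto, local_ip, local_port, remote_ip, remote_port)
        self.outbound: set = set()

    def record_outbound(self, pkt: Packet) -> None:
        self.outbound.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))

    def input_policy(self, pkt: Packet) -> str:
        key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "ACCEPT" if key in self.outbound else "DENY"


def compare() -> dict:
    """Constructed scenario: 192.0.2.10 sends a DNS query to 192.0.2.53,
    then receives the reply plus an unsolicited datagram from elsewhere."""
    sf = StatefulFilter()
    sf.record_outbound(Packet("udp", "192.0.2.10", 40000, "192.0.2.53", 53))
    reply = Packet("udp", "192.0.2.53", 53, "192.0.2.10", 40000)
    unsolicited = Packet("udp", "203.0.113.7", 1234, "192.0.2.10", 5000)
    return {
        "dns_reply": (stateless_input_policy(reply), sf.input_policy(reply)),
        "unsolicited": (stateless_input_policy(unsolicited), sf.input_policy(unsolicited)),
    }
```

Both policies pass the DNS reply, but only the stateless one also passes the unsolicited datagram to port 5000, which is the exposure the question is about.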