Hello guys,

I am dealing with ipchains, configuring a firewall with three Ethernet adapters. The configuration is of the type "Anything authorized is rejected". To do that I wrote several shell scripts, one per service I want to set up, declaring the authorisations. This makes the complete configuration a little easier. One thing is quite surprising me:

    ipchains -A output -i $EXTERNAL_INTERFACE -p tcp \
        -s $EXTERNAL_IPADDR $UNPRIVPORTS \
        -d $ANYWHERE 23 -j ACCEPT

    ipchains -A input -i $EXTERNAL_INTERFACE -p tcp ! -y \
        -s $ANYWHERE 23 \
        -d $EXTERNAL_IPADDR $UNPRIVPORTS -j ACCEPT

No problem with the first ipchains command. The problem, at my understanding level, is with the second command, which means for me: "Let enter any packet coming from anywhere port 23, addressed to my external IP address, having the ACK indicator on the IP packet". If I am not wrong, this means that, after having scanned my system for open ports, a hacker can address IP data to any of UNPRIVPORTS with that indicator ON.

Question 1) How can I make sure that those packets are real packets coming from an accepted client?

Question 2) How can I reject packets coming from "telnet $EXTERNAL_IPADDRESS 80" or any other telnet out of port 23?

Many thanks for your reply.

-
To unsubscribe from this list: send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
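The following is an added example, not part of the post above and not ipchains code. It models in plain Python what the post's second rule actually tests (ipchains `-y` matches a packet with SYN set and ACK and FIN clear, so `! -y` matches everything else, including any packet with ACK set), applies the chain's default DENY policy to whatever the rule does not match, and contrasts that stateless decision with a small connection tracker that only accepts a reply after the firewall itself sent the matching SYN. The tracker is the example's own logic (in the spirit of what a stateful filter such as iptables' ESTABLISHED state does), and the addresses, ports and packets are constructed for the example.

```python
"""Stateless ACK-bit filtering versus connection tracking, as a simulation.

Added example: it reproduces the match logic of the post's rule

    ipchains -A input -i $EXTERNAL_INTERFACE -p tcp ! -y \
        -s $ANYWHERE 23 -d $EXTERNAL_IPADDR $UNPRIVPORTS -j ACCEPT

in Python and compares it with a minimal connection tracker.
All addresses, ports and packets are constructed for the example.
"""
from dataclasses import dataclass

EXTERNAL_IPADDR = "203.0.113.10"     # assumed firewall external address
UNPRIVPORTS = range(1024, 65536)     # ipchains "1024:65535"
TELNET = 23


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False
    fin: bool = False


def is_syn_only(pkt):
    """ipchains -y: SYN set, ACK and FIN clear (a connection request)."""
    return pkt.syn and not pkt.ack and not pkt.fin


def stateless_input_verdict(pkt):
    """The post's second rule, then the chain's default policy (DENY).
    Nothing here remembers earlier packets: the decision uses only the
    header of the packet in hand, so any ACK packet from port 23 to an
    unprivileged port is accepted, solicited or not."""
    if (pkt.sport == TELNET and pkt.dst == EXTERNAL_IPADDR
            and pkt.dport in UNPRIVPORTS and not is_syn_only(pkt)):
        return "ACCEPT"
    return "DENY"


class ConnTracker:
    """Minimal connection tracker (the example's own logic, not an ipchains
    feature). A reply is accepted only if this box sent the matching SYN."""

    def __init__(self):
        self.flows = set()   # (local_ip, local_port, remote_ip, remote_port)

    def output_verdict(self, pkt):
        """Outbound telnet client traffic: a new SYN opens a flow entry."""
        if (pkt.src != EXTERNAL_IPADDR or pkt.dport != TELNET
                or pkt.sport not in UNPRIVPORTS):
            return "DENY"
        if is_syn_only(pkt):
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return "ACCEPT"

    def input_verdict(self, pkt):
        """Inbound: only packets of a tracked flow pass, and a SYN-only
        packet is never part of an existing flow."""
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.flows and not is_syn_only(pkt):
            return "ACCEPT"
        return "DENY"


def run_scenario():
    """Constructed packets: one real telnet session plus unsolicited traffic.
    Returns {name: (stateless verdict, stateful verdict)}."""
    tracker = ConnTracker()
    # Our client opens telnet to 198.51.100.7 from local port 40000.
    client_syn = Packet(EXTERNAL_IPADDR, 40000, "198.51.100.7", TELNET, syn=True)
    real_reply = Packet("198.51.100.7", TELNET, EXTERNAL_IPADDR, 40000,
                        syn=True, ack=True)
    # An attacker sends an ACK from port 23 to a port we never used.
    forged_ack = Packet("192.0.2.99", TELNET, EXTERNAL_IPADDR, 51000, ack=True)
    # Someone runs "telnet <our address> 80": a SYN to port 80.
    inbound_syn_80 = Packet("192.0.2.99", 45678, EXTERNAL_IPADDR, 80, syn=True)
    # A SYN from port 23 to an unprivileged port (what "! -y" blocks).
    inbound_syn_23 = Packet("192.0.2.99", TELNET, EXTERNAL_IPADDR, 51000, syn=True)

    tracker.output_verdict(client_syn)
    return {
        "real_reply": (stateless_input_verdict(real_reply), tracker.input_verdict(real_reply)),
        "forged_ack": (stateless_input_verdict(forged_ack), tracker.input_verdict(forged_ack)),
        "syn_to_80": (stateless_input_verdict(inbound_syn_80), tracker.input_verdict(inbound_syn_80)),
        "syn_from_23": (stateless_input_verdict(inbound_syn_23), tracker.input_verdict(inbound_syn_23)),
    }


if __name__ == "__main__":
    for name, (stateless, stateful) in run_scenario().items():
        print(f"{name:12s} stateless={stateless:6s} stateful={stateful}")
```

Running it shows the two filters agreeing on the genuine reply, on the SYN to port 80 (no rule matches, so the default policy denies it) and on the SYN-only packet from port 23, and disagreeing only on the forged ACK: the stateless rule accepts it because the header alone is all it can see, while the tracker denies it because no outbound SYN preceded it.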