You might want to put an interface specifier on these rules; otherwise
somebody upstream can spoof IPs through your firewall by making internal IPs
show up on the external interface, so do bind the rule to a particular
interface. This was a big problem with MS proxy 2 that wouldn't let you
specify an interface for a particular rule.

On Sat, Oct 28, 2000 at 01:40:23PM -0500, Kirk Wood wrote:
> By the way any port can be instantly closed with ipchains. Again the
> general method is:
>
> ipchains -A input -p tcp -d your_ip_address port -j DENY
>
> This will drop the packet as if it never occurred. You can change the last
> part to REJECT in which case an ICMP message is sent back to the
> originating host. But if you DENY the packet a port scanner won't see your
> machine. Don't rely on this to say you won't be attacked. It just lowers
> your profile.
>
> By the way, while ATT at Home is less secure than some ISPs, the internet
> in general is a hostile world. If you really want to secure against it cut
> the connection. Next would be to find an ISP that will place you behind
> their firewall.
>
> =======
> Kirk Wood
> Cpt.Kirk at 1tree.net

--
Kerry Hoath: kerry at gotss.eu.org
Alternates: kerry at emusys.com.au kerry at gotss.spice.net.au or khoath at lis.net.au
ICQ UIN: 62823451
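
The interface binding suggested in the reply, applied to the quoted port-closing rule, as an added example that is not part of either message. The helper name gen_rules, the interface eth0, the addresses and the port are constructed samples, and the script only prints the ipchains commands so they can be reviewed before use.

```shell
#!/bin/sh
# Added example (not from the thread): print ipchains rules that are bound
# to the external interface. Nothing is applied; the commands are only echoed.

# gen_rules EXT_IF INTERNAL_NET HOST_IP PORT   (hypothetical helper)
gen_rules() {
    if [ "$#" -ne 4 ]; then
        echo "usage: gen_rules EXT_IF INTERNAL_NET HOST_IP PORT" >&2
        return 2
    fi
    ext_if=$1
    internal_net=$2
    host_ip=$3
    port=$4

    # Reject anything that is not a plain numeric port.
    case $port in
        ''|*[!0-9]*) echo "port must be numeric: $port" >&2; return 2 ;;
    esac

    # 1. Anti-spoofing: a packet that claims an internal source address but
    #    arrives on the external interface cannot be genuine. Drop and log (-l).
    echo "ipchains -A input -i $ext_if -s $internal_net -j DENY -l"

    # 2. Loopback source addresses never legitimately arrive from outside.
    echo "ipchains -A input -i $ext_if -s 127.0.0.0/8 -j DENY -l"

    # 3. The port-closing rule from the quoted message, now limited to
    #    traffic entering on the external interface.
    echo "ipchains -A input -i $ext_if -p tcp -d $host_ip $port -j DENY"
}

# Constructed sample values: external interface, internal LAN, public IP, telnet.
gen_rules eth0 192.168.1.0/24 203.0.113.5 23
```

Because the first two rules are appended to the input chain ahead of the port rule, a packet with a forged internal source is dropped on the external interface before any later rule that trusts internal addresses can match it.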