OK but if I set the policy OUTPUT at DROP, which ports/protocols do I have to set to ACCEPT? This is my problem.

On Tue, 22 Oct 2002 23:05:39 +0200
kilobug@freesurf.fr (Gaël Le Mignot) wrote:

>
> Tue, 22 Oct 2002 21:12:21 +0200, you said:
>
> > Ok, but in order to set the policy at DROP, which ports/protocols do I have to set to ACCEPT to allow nmap from the firewall box to anywhere and from the LAN to anywhere?
>
> If you don't block OUTPUT and allow ESTABLISHED and RELATED packets in INPUT,
> you don't need to open extra ports. Maybe some extra icmp for "weird" scans,
> that's all.
>
> --
> Gael Le Mignot "Kilobug" - kilobug@freesurf.fr - http://kilobug.free.fr
> GSM : 06.71.47.18.22 (in France) ICQ UIN : 7299959
> Fingerprint : 1F2C 9804 7505 79DF 95E6 7323 B66B F67B 7103 C5DA
>
> Member of HurdFr: http://hurdfr.org - The GNU Hurd: http://hurd.gnu.org
>
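
The setup discussed in this thread, written out as an iptables-restore ruleset. This is an added example, not part of either message; the LAN interface name eth1 is an assumption, and NAT for the LAN is left out because the thread does not cover it.

```iptables
# Constructed example. Assumption: eth1 is the LAN-side interface.
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback traffic on the firewall box itself
-A INPUT -i lo -j ACCEPT
# Replies to connections and probes the firewall box started, plus related ICMP errors
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# LAN hosts may open connections through the firewall to anywhere
-A FORWARD -i eth1 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
# Only reply traffic is forwarded back towards the LAN
-A FORWARD -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
# Variant for an OUTPUT policy of DROP: change the OUTPUT line above to
# ":OUTPUT DROP [0:0]" and enable the two rules below. If nmap is to scan
# arbitrary ports, the NEW rule cannot be narrowed to a list of ports.
# -A OUTPUT -o lo -j ACCEPT
# -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
COMMIT
```

Load it with iptables-restore; on current kernels `-m conntrack --ctstate` is the equivalent of the `-m state --state` match used here.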