RE: Source Port

-----Original Message-----
From: netfilter-admin@xxxxxxxxxxxxxxxxxxx [mailto:netfilter-admin@xxxxxxxxxxxxxxxxxxx] On Behalf Of Dharmendra.T
Sent: Tuesday, April 15, 2003 1:02 PM
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: Source Port

Hi Everyone,

I am a regular reader of this list and I have absorbed that most of the users won't use the source ports in their rules. Say for ex,

#iptables -A INPUT -s 192.168.1.0/24 -p tcp -d 0/0 --dport 23 -j ACCEPT

In this kind of rule they will not specify the source port from 1024 to 65545. I strongly recommend all Linux users to specify the exact rules: what is allowed and what is not allowed.

Any comments? Could this be a good practice?
-- 
Regards
Dharmendra.T


This message is intended for the addressee only. It may contain privileged or confidential information. If you have received this message in error, please notify the sender and destroy the message immediately. Unauthorised use or reproduction of this message is strictly prohibited.

If you have a personal firewall (only INPUT, OUTPUT) and only ONE IP, it's not necessary to put --source. However, if you have more than ONE IP you could have use for --source and --sport.
I myself always add stronger rules to my firewall using --sport --source --destination --dport --in-interface --out-interface, and end up with more rules :-(.
I think that adding a stronger rule-set makes hacking harder, but it will add more administration to the firewall.
Ex. Adding strong firewall rules to smb is a pain. But thanks to --state the number of rules will be shortened.

/Klintan
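As an added example (not part of either post above), the following script emits two iptables-restore rulesets side by side: the loose rule from the original post, which accepts tcp/23 from the LAN regardless of source port, and a stricter version that both restricts the source port to the ephemeral range 1024:65535 and uses the --state match Klintan mentions, so that reply traffic is covered by a single ESTABLISHED,RELATED rule instead of one rule per service. The LAN prefix 192.168.1.0/24 and the telnet port come from the original post; the interface name eth0 is an assumption.

```shell
#!/bin/sh
# Added example, not from the list thread: generate iptables-restore rulesets
# that apply the thread's two suggestions (restrict source ports, use --state).
# LAN_NET comes from the original post; LAN_IF is an assumed interface name.

LAN_NET="192.168.1.0/24"
LAN_IF="eth0"

# Loose variant, equivalent to the rule in the original post: any source port
# on the LAN may open a connection to tcp/23, and no state is tracked.
loose_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s ${LAN_NET} -p tcp --dport 23 -j ACCEPT
COMMIT
EOF
}

# Strict, stateful variant: a connection to telnet may only be opened from an
# ephemeral source port (1024-65535), must arrive on the LAN interface, and must
# start with a SYN that conntrack classifies as NEW. Every later packet of that
# connection (and of any other allowed service) is matched by the single
# ESTABLISHED,RELATED rule, which is what keeps the rule count down.
strict_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -i ${LAN_IF} -s ${LAN_NET} -p tcp --sport 1024:65535 --dport 23 --syn -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Parse-only check: iptables-restore --test builds the ruleset without
# committing it, so the running firewall is not touched. Falls back to
# printing the ruleset when iptables-restore is not installed.
check_rules() {
    if command -v iptables-restore >/dev/null 2>&1; then
        strict_rules | iptables-restore --test
    else
        echo "iptables-restore not available; printing ruleset only" >&2
        strict_rules
    fi
}

# Usage: sh rules.sh > telnet-rules.v4 ; then review and load with iptables-restore.
[ "${0##*/}" = "rules.sh" ] && check_rules
```

Note that the --sport restriction is a sanity filter, not an authentication mechanism: a client on the LAN chooses its own source port, so the real access control comes from the source network, the interface match and the default DROP policy. What the stricter ruleset buys is that unexpected packets (non-SYN openers, privileged source ports, packets conntrack cannot associate with a connection) are dropped rather than silently accepted, which also makes logging of those drops meaningful.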
