This is what you aked me to do: ------------------------------------
REJECT udp -- anywhere anywhere
udp dpts:0:1023 reject-with icmp-port-unreachable
This is the one you're after. For testing, take it out from "/etc/sysconfig/iptables".
Contents of /etc/sysconfig/iptables: -----------------------------------
# Firewall configuration written by lokkit # Manual customization of this file is not recommended. # Note: ifup-post will punch the current nameservers through the # firewall; such entries will *not* be listed here. *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :RH-Lokkit-0-50-INPUT - [0:0] -A INPUT -j RH-Lokkit-0-50-INPUT -A FORWARD -j RH-Lokkit-0-50-INPUT -A RH-Lokkit-0-50-INPUT -p udp -m udp -s 0/0 --sport 67:68 -d 0/0 --dport 67:68 -i eth0 -j ACCEPT -A RH-Lokkit-0-50-INPUT -p udp -m udp -s 0/0 --sport 67:68 -d 0/0 --dport 67:68 -i eth1 -j ACCEPT -A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j REJECT -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 2049 --syn -j REJECT -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 2049 -j REJECT -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 6000:6009 --syn -j REJECT -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 7100 --syn -j REJECT COMMIT
Which lines do you want me to take out? Or should I use a utility to configure the firewall? If so, what is its name?
Thanks, -Mike.
_________________________________________________________________
Protect your PC - get McAfee.com VirusScan Online http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
