Connection refused means there is no firewall there on that port/protocol. A properly firewalled port will time out when a connection is attempted. As for IGMP, I don't think that is even enabled in the kernel, is it?? Thought only tcp/udp and icmp by default. Firewalling icmp was, for me, kinda complicated, as there are many types of icmp. I ended up blocking icmp type 8, which appears to block pings but allow traceroutes. Some sample rules from my configuration (Linux 2.0, ipfwadm):

#caught portscanning on 9-11-99
/sbin/ipfwadm -Ia deny -P all -S 131.123.46.150 -D 0.0.0.0/0
/sbin/ipfwadm -Ia deny -P all -S 209.251.178.30 -D 0.0.0.0/0
#caught portscanning on 9-12-99
/sbin/ipfwadm -Ia deny -P all -S 207.108.153.229 -D 0.0.0.0/0
/sbin/ipfwadm -I -P icmp -a reject -S 0.0.0.0/0 8
# lots of connections to DNS 9-26-99
/sbin/ipfwadm -Ia deny -P all -S 216.32.68.11 -D 0.0.0.0/0
/sbin/ipfwadm -Ia deny -P all -S 209.67.78.202 -D 0.0.0.0/0

You could block everyone on all supported protocols (with the -P all flag) and allow each ip/protocol... would be a lot of work I think, but it'd be possible (depending on what you want to be allowed in).

I also got telnet firewalled:

/sbin/ipfwadm -Ia deny -P tcp -S 0.0.0.0/0 -D 0.0.0.0/0 23

If you telnet to me, it will time out (my ip is 208.222.179.31). If it doesn't, I will shit my pants; either that or you're coming from inside my subnets :)

nate
----------------------------------------[mailto:[EMAIL PROTECTED] ]--
Vice President Network Operations       http://www.firetrail.com/
Firetrail Internet Services Limited     http://www.aphroland.org/
Everett, WA 425-348-7336                http://www.linuxpowered.net/
Powered By:                             http://comedy.aphroland.org/
Debian 2.1 Linux 2.0.36 SMP             http://yahoo.aphroland.org/
-----------------------------------------[mailto:[EMAIL PROTECTED] ]--

On Tue, 26 Oct 1999, Onno wrote:

> How can I equip my firewall with -STEALTH- capabilities?
>
> I know that TCP and UDP connections are done by
> specific network daemons or that inetd will start up
> the necessary network daemon. I'm also familiar
> with tcpd within inetd.
>
> But how can I get my Firewall (potato) to act
> like there is no computer, i.e. does not
> report to the outside:
>
> $ telnet my_firewall
> Trying 1.2.3.4...
> telnet: Unable to connect to remote host: Connection refused
> $ _
>
> but:
>
> $ telnet my_firewall
> Trying 1.2.3.4...
>
> And just trying, so that there is NO EVIDENCE WHATSOEVER
> that a port (or even any computer) exists at this IP address !!!
>
> I want control over all the protocols: TCP, UDP, ICMP and IGMP.
> For example:
> - how can I disable the inetd "Connection refused" stuff (TCP/UDP)?
> - how can I disable ping (ICMP)?
> - etc.
>
> Some elaborated info on the topic would be appreciated!
>
> Thanks,
>
> Onno
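The refused-versus-timeout distinction Nate describes (a "Connection refused" is a TCP reset, so the host is up and nothing filters that port; a denied port gives no answer and the connect times out) can be checked against one's own firewall with the following added Python probe, which is not code from either poster. The function names, status labels and the loopback test setup are assumptions made for this example.

```python
import errno
import socket


def classify_error(exc: OSError) -> str:
    """Map a failed connect() to what the reply reveals about the filter.

    'filtered'    no reply before the timeout: a deny/drop rule is in place
    'closed'      a TCP RST came back ("Connection refused"): the host is up
                  and nothing is filtering that port
    'unreachable' routing failure, nothing learned about the port itself
    """
    if isinstance(exc, socket.timeout):
        return "filtered"
    if isinstance(exc, ConnectionRefusedError):
        return "closed"
    if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "unreachable"
    raise exc  # anything else is a local problem, not a probe result


def probe(host: str, port: int, timeout: float = 3.0) -> str:
    """One TCP connect to host:port, classified as open/closed/filtered/unreachable."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"  # a service completed the handshake
        except OSError as exc:
            return classify_error(exc)


def audit(host: str, ports, timeout: float = 3.0) -> dict:
    """Probe each port of your own firewall and return {port: status}."""
    return {p: probe(host, p, timeout) for p in ports}


def leaks_presence(results: dict) -> list:
    """Ports whose reply proves a machine is listening at that address.

    'closed' is the "Connection refused" case from the thread: no service,
    but no firewall either. Only 'filtered' ports behave like "time out".
    """
    return sorted(p for p, st in results.items() if st in ("open", "closed"))


if __name__ == "__main__":
    # Constructed self-check against loopback: an ephemeral listener is open,
    # the same port is 'closed' (RST) once the listener goes away.
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    print(port, probe("127.0.0.1", port))
    srv.close()
    print(port, probe("127.0.0.1", port))
```

Run `audit("<your firewall>", [22, 23, 25, 53])` from outside your subnets and expect every port you intended to hide to come back as `filtered`; anything in `leaks_presence()` is answering with a reset or a banner.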