Thanks:)
> -----Original Message-----
> From: Mikkel L. Ellertson [SMTP:[EMAIL PROTECTED]]
> Sent: Thursday, January 04, 2001 2:12 PM
> To: '[EMAIL PROTECTED]'
> Subject: RE: blackhole firewall rules
>
> On Thu, 4 Jan 2001, Burke, Thomas G. wrote:
>
> > Why not just reject packets on the port where they scan? I imagine they
> > usually scan the same port number.
> >
> > ie:
> > # Back Orifice
> > $IPCHAINS -A input -l -p tcp -s $ALLADDR -d $EXTERNAL_NET 31337 -j DENY
> > $IPCHAINS -A input -l -p udp -s $ALLADDR -d $EXTERNAL_NET 31337 -j DENY
> >
> > This blocks the entire outside world from accessing port 31337 (and logs it)
> >
> > I think you can use port ranges by using a hyphen, but I'm not absolutely sure 'bout that. That'd be of the form:
> >
> > $IPCHAINS -A input -l -p tcp -s $ALLADDR -d $EXTERNAL_NET 0-500 -j DENY
> > $IPCHAINS -A input -l -p udp -s $ALLADDR -d $EXTERNAL_NET 0-500 -j DENY
> >
> > Although, I imagine that might break a lot of stuff...
> >
> > There is also a destination port argument, but I'm not sure if this'll work:
> > $IPCHAINS -A input -l -p tcp -s $ALLADDR -d $EXTERNAL_NET -dport 0-500 -j DENY
> >
> > Actually, I'd imagine this one'd be closer:
> > $IPCHAINS -A input -l -p tcp -i $EXTERNAL_IF --destination-port 0-500 -j DENY
> > $IPCHAINS -A input -l -p udp -i $EXTERNAL_IF --destination-port 0-500 -j DENY
> >
> > I have no way to test this at the moment, but these are my inclinations...
> > Anyone else have any inputs?
> >
> Use a colon instead of a hyphen for a range of ports.
> --destination-port 0:500 instead of --destination-port 0-500
>
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
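The rules discussed in the thread, as an added example that is not from either poster: a small POSIX sh script that builds logged ipchains DENY rules for a single port or a colon-separated port range on the external interface, and rejects the hyphen form that ipchains does not accept. It assumes EXTERNAL_IF names the outside interface (eth0 is a placeholder) and, by default, only echoes the commands it would run, so it can be tried without root or an ipchains kernel; set IPCHAINS=ipchains to actually install the rules.

```shell
#!/bin/sh
# Added example (not from the thread): generate ipchains DENY rules, with
# logging (-l), for packets arriving on the external interface.
# Assumptions: EXTERNAL_IF is the outside interface (eth0 is a placeholder);
# IPCHAINS defaults to "echo ipchains", a dry run that prints the rules.
EXTERNAL_IF="${EXTERNAL_IF:-eth0}"
IPCHAINS="${IPCHAINS:-echo ipchains}"

# is_port N: true when N is an integer in 0..65535
is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -le 65535 ]
}

# valid_port_spec SPEC: accepts a single port ("31337") or an ipchains
# range written with a colon, low port first ("0:500"). A hyphen range
# such as "0-500" is rejected, because ipchains does not understand it.
valid_port_spec() {
    spec="$1"
    case "$spec" in
        *:*)
            lo="${spec%%:*}"
            hi="${spec#*:}"
            is_port "$lo" && is_port "$hi" && [ "$lo" -le "$hi" ]
            ;;
        *)
            is_port "$spec"
            ;;
    esac
}

# deny_ports SPEC [PROTO ...]: emit one logged DENY rule per protocol for
# packets entering on EXTERNAL_IF whose destination port matches SPEC.
# Default protocols: tcp and udp. Returns 1 on a bad port spec.
deny_ports() {
    spec="$1"; shift
    if ! valid_port_spec "$spec"; then
        echo "deny_ports: bad port spec '$spec' (use N or LOW:HIGH)" >&2
        return 1
    fi
    [ $# -eq 0 ] && set -- tcp udp
    for proto in "$@"; do
        $IPCHAINS -A input -l -p "$proto" -i "$EXTERNAL_IF" \
            --destination-port "$spec" -j DENY || return 1
    done
}

# Usage: Back Orifice's default port, then the 0-500 range from the thread
# written the way ipchains expects it.
deny_ports 31337
deny_ports 0:500
```

Two caveats worth keeping in mind before installing the second rule for real. Matching on the destination port of packets arriving on the external interface only affects connections to services you run in that range (SSH, SMTP, HTTP and so on all fall inside 0:500), which is the "break a lot of stuff" concern from the thread; replies to connections you initiate come back to a high ephemeral port and are not touched. And because -l logs every matching packet, a single scan of that range produces hundreds of kernel log lines, so the log rule is best kept to a few ports you genuinely want to watch.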