I know you can block specific hosts, but I'm not sure you can block specific
ports on those hosts...  You wouldn't want to block their server completely,
as all traffic probably passes through it.

To do that, though, you can do this:
$IPCHAINS -A input -l -s XXX.XXX.XXX.XXX -d $EXTERNAL_NET -j DENY

I don't know about blocking a specific port, though...

> -----Original Message-----
> From: Halcyon [SMTP:[EMAIL PROTECTED]]
> Sent: Thursday, January 04, 2001 2:24 PM
> To:   [EMAIL PROTECTED]
> Subject:      Re: blackhole firewall rules
> 
> ----- Original Message -----
> From: "Burke, Thomas G." <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, January 04, 2001 10:51 AM
> Subject: RE: blackhole firewall rules
> 
> 
> > Why not just reject packets on the port where they scan?  I imagine they
> > usually scan the same port number.
> 
> Sure, I can do that too.  The ports I want to block are arbitrary, really.
> 
> > This blocks the entire outside world from accessing port 31337 (and logs
> > it)
> 
> This is the problem, here.  I want to keep my smtp server open to the world
> so I can receive email and access my imap server from work or the road, but
> closed to @home so they can't tell that I run my own mail server.  Is there
> a way to deny a packet by source?  I'm sure there must be.
> 
> > Although, I imagine that might break a lot of stuff...
> 
> Yep.  So I need a rule that says: if from source IP x to y port, drop
> packet.  Otherwise, allow.  Ideally, the rule would do a hostname lookup to
> see if it's from home.net, but if that's impossible I can probably just
> figure out the IP range that @home uses.
> 
> Halcyon
> 
> 
> 
> _______________________________________________
> Redhat-list mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/redhat-list


