On Fri, 15 Mar 2002, Harry Putnam wrote:
>Show none of this to the internet.

Use ipchains to disallow incoming connection attempts (TCP SYN packets)
from outside your subnet:

    mylan='192.168.0.0/255.255.255.0'
    ipchains --append input --protocol tcp --syn \
        --source ! $mylan --jump REJECT --log

You might also consider blocking UDP packets from sources other than your
designated DNS servers:

    # Get the list of nameservers from resolv.conf.
    # awk splits on any run of spaces or tabs, so the address is always field 2.
    nslist=`awk '/^nameserver/ { print $2 }' /etc/resolv.conf`

    # Now add rules to accept UDP and TCP packets from
    # the name servers on the domain name service port (53).
    for ns in $nslist
    do
        ipchains --append input --protocol udp \
            --source $ns domain --jump ACCEPT
        ipchains --append input --protocol tcp \
            --source $ns domain --jump ACCEPT
    done

    # Add a rule to reject (and log) all UDP packets that are
    # not from my LAN.
    ipchains --append input --protocol udp \
        --source ! $mylan --jump REJECT --log

>Just installing imap-2oooc-1 has set up 5 apparent daemons:
>Viewed with `chkconfig', they are not turned on, but it's not clear which
>need to be turned on or if they can be started only on demand:

They are started by xinetd, if xinetd is configured to allow them to run.
You only need ipop3d. Look at the files in /etc/xinetd.d and the
xinetd.conf man page and all will become clear ;-)

Tony
-- 
Anthony E. Greene <mailto:[EMAIL PROTECTED]>
OpenPGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D
AOL/Yahoo Chat: TonyG05
HomePage: <http://www.pobox.com/~agreene/>
Linux: the choice of a GNU Generation. <http://www.linux.org/>
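
Added example (not part of the original message, and not Red Hat's or xinetd's own tooling): a small shell check for the advice above that only ipop3d needs to run. It lists the service blocks xinetd would treat as enabled and names any whose server binary is not the one you expect. The function names and the sample files are constructed for illustration; the script assumes one directory of per-service files such as /etc/xinetd.d and does not read the defaults section of xinetd.conf.

```shell
#!/bin/sh
# Added example: audit which xinetd services are enabled in a config directory.

# xinetd_enabled DIR -> prints "service<TAB>server" for every enabled block.
# A block with no "disable" line counts as enabled (xinetd's default), and
# files with a dot in the name or a trailing "~" are skipped, as xinetd's
# includedir does (so stale *.rpmsave copies are not reported).
xinetd_enabled() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        case "${f##*/}" in *.*|*~) continue ;; esac
        awk '
            { gsub(/=/, " = ") }              # tolerate "disable=yes"
            /^[ \t]*#/ { next }               # skip comment lines
            $1 == "service" { name = $2; off = "no"; srv = "-"; next }
            name != "" && $1 == "disable" { off = $NF }
            name != "" && $1 == "server"  { srv = $NF }
            name != "" && $1 == "}" {
                if (off != "yes") printf "%s\t%s\n", name, srv
                name = ""
            }
        ' "$f"
    done
}

# xinetd_unexpected DIR ALLOWED -> names of enabled services whose server
# binary (basename) is not ALLOWED, e.g. ALLOWED=ipop3d.
xinetd_unexpected() {
    xinetd_enabled "$1" | awk -F '\t' -v ok="$2" '
        { n = split($2, p, "/"); if (p[n] != ok) print $1 }'
}

# Constructed sample files standing in for /etc/xinetd.d (illustration only).
make_sample() {
    printf 'service pop3\n{\n\tdisable = no\n\tserver = /usr/sbin/ipop3d\n}\n' > "$1/ipop3"
    printf 'service imap\n{\n\tdisable = yes\n\tserver = /usr/sbin/imapd\n}\n' > "$1/imap"
    # No "disable" line at all: xinetd treats this block as enabled.
    printf 'service pop2\n{\n\tserver = /usr/sbin/ipop2d\n}\n' > "$1/ipop2"
    # Dotted file name: ignored by xinetd, so ignored here too.
    printf 'service telnet\n{\n\tserver = /usr/sbin/in.telnetd\n}\n' > "$1/telnet.rpmsave"
}
```

On a real host, `xinetd_unexpected /etc/xinetd.d ipop3d` should print nothing once every other service has `disable = yes`.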