Paul on Fri, 26 Sep 2003 18:22:10 -0400



Re: [PLUG] Firewall Check


Magnus Hedemark wrote:

> All tcp, udp & rpc ports seem completely filtered.
>
> If you're running an iptables firewall you can specify how much of a given protocol you'll let in at any time (see "--limit" in the iptables man page) which could help you somewhat if someone tries to flood you. Apparently I can ping flood you without getting dropped. I can also send some pretty huge ping packets without getting blocked. This is definitely something to look at. You might also want to take a closer look at what specific ICMP types you're passing, and under what conditions.

Please, scan me again. 68.46.172.168

I made this attempt to limit pings to one per second.

ACCEPT icmp -- anywhere anywhere icmp echo-request limit: avg 1/sec burst 5

You should also see TCP 113 AUTH and UDP 53 DNS ports open now.

Opening AUTH speeds up IMAP authentication.

It's odd that I need UDP port 53 open when DNS requests go out on a high numbered port and come back on the same port. However, it does speed up name resolution.

_________________________________________________________________________
Philadelphia Linux Users Group        --       http://www.phillylinux.org
Announcements - http://lists.netisland.net/mailman/listinfo/plug-announce
General Discussion  --   http://lists.netisland.net/mailman/listinfo/plug
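As an added example (not code from the thread, and not Paul's actual rule set), here is a complete INPUT chain that covers the points raised in the exchange: the echo-request rate limit Paul posted, a size cap on echo-requests placed ahead of the limiter so "pretty huge ping packets" are dropped before they consume tokens, stateful acceptance of replies (which lets DNS answers to the host's own queries in without opening UDP 53 inbound), and a TCP reset on port 113 so a remote server's ident lookup fails at once instead of timing out, as an alternative to running identd. It assumes a Linux host with iptables and the connection-tracking state match loaded; the interface, the 1024-byte ping cap and the dry-run `IPT` variable are assumptions of the example, not values from the page.

```shell
#!/bin/sh
# Added example, not from the original thread: an INPUT chain for the checks
# discussed above. It is a dry run by default (IPT="echo iptables" only prints
# the commands); run as root with IPT=iptables to apply it for real.
# Assumptions (not from the page): connection tracking is loaded, and no
# inbound service other than what is listed here needs to be reachable.
IPT="${IPT:-echo iptables}"
PING_MAX_LEN="${PING_MAX_LEN:-1024}"   # hypothetical cap on echo-request size, bytes

emit() { $IPT "$@"; }

firewall_rules() {
    emit -P INPUT DROP
    emit -F INPUT

    # Loopback, plus replies to connections this host opened. With conntrack,
    # DNS answers to our own queries and echo-replies to our own pings are
    # ESTABLISHED, so UDP 53 does not have to be open inbound.
    emit -A INPUT -i lo -j ACCEPT
    emit -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    emit -A INPUT -m state --state INVALID -j DROP

    # Oversized echo-requests are dropped before the rate limiter sees them.
    # Conntrack reassembles fragments before the filter table runs, so the
    # length match is applied to the whole datagram.
    emit -A INPUT -p icmp --icmp-type echo-request \
        -m length --length "$((PING_MAX_LEN + 1)):65535" -j DROP

    # Echo-requests: a burst of 5, then one per second. The explicit DROP
    # stops anything beyond the token bucket from falling through.
    emit -A INPUT -p icmp --icmp-type echo-request \
        -m limit --limit 1/sec --limit-burst 5 -j ACCEPT
    emit -A INPUT -p icmp --icmp-type echo-request -j DROP

    # ICMP errors for path-MTU discovery and sane TCP behaviour. These are
    # normally RELATED to a tracked flow; they are listed so the policy reads
    # as a statement of which ICMP types are passed.
    emit -A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT
    emit -A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT

    # Ident (TCP 113): a reset makes the remote server's ident lookup fail
    # immediately, removing the login delay without exposing an ident daemon.
    emit -A INPUT -p tcp --dport 113 -j REJECT --reject-with tcp-reset

    # Everything else falls to the DROP policy.
}

firewall_rules
```

After applying it, `iptables -L INPUT -v -n` shows per-rule packet counters; pinging the host from elsewhere with a short interval should advance the limit rule's ACCEPT counter by about 5 + (seconds elapsed) packets and the following DROP rule by the rest. Note that the `limit` match keeps one token bucket per rule, not per source, so a single flooder exhausts the budget for everyone; on later kernels the `hashlimit` match with `--hashlimit-mode srcip` gives a per-source bucket instead.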