Paul on Fri, 26 Sep 2003 18:22:10 -0400


Re: [PLUG] Firewall Check

Magnus Hedemark wrote:

> All tcp, udp & rpc ports seem completely filtered.
>
> If you're running an iptables firewall you can specify how much of a given protocol you'll let in at any time (see "--limit" in the iptables man page) which could help you somewhat if someone tries to flood you. Apparently I can ping flood you without getting dropped. I can also send some pretty huge ping packets without getting blocked. This is definitely something to look at. You might also want to take a closer look at what specific ICMP types you're passing, and under what conditions.

Please, scan me again.

I made this attempt to limit pings to one per second.

ACCEPT icmp -- anywhere anywhere icmp echo-request limit: avg 1/sec burst 5

You should also see TCP 113 AUTH and UDP 53 DNS ports open now.

Opening AUTH speeds up IMAP authentication.

It's odd that I need UDP port 53 open when DNS requests go out on a high-numbered port and come back on the same port. However, it does speed up name resolution.

Philadelphia Linux Users Group        --
Announcements -
General Discussion  --
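A fuller version of the echo-request limit rule Paul posted, written here as an added example for this thread (it is not code from either poster). The one-line ACCEPT rule only matches packets inside the limit budget; anything over it falls through to whatever rule or default policy comes next, so the example adds the explicit DROP, a size cap for the oversized pings Magnus mentioned, and a short list of the ICMP types a host actually needs. It assumes the `-m limit`, `-m length` and `-m state` matches are available, and the `DRY_RUN` variable and chain name `ICMP` are the example's own choices.

```shell
# Added example, not from the thread. Set DRY_RUN=1 to print the iptables
# commands instead of running them (needs root otherwise).
ipt() {
    if [ -n "${DRY_RUN:-}" ]; then
        printf 'iptables %s\n' "$*"
    else
        iptables "$@"
    fi
}

apply_icmp_rules() {
    # Dedicated chain so the ICMP policy can be audited with: iptables -L ICMP -v
    ipt -N ICMP 2>/dev/null || true
    ipt -F ICMP
    # Oversized echo requests: a normal ping is 84 bytes on the wire, so anything
    # over 1024 bytes is dropped before the rate limiter even sees it.
    ipt -A ICMP -p icmp --icmp-type echo-request -m length --length 1025:65535 -j DROP
    # The limit from the post: 1 per second sustained, burst of 5.
    ipt -A ICMP -p icmp --icmp-type echo-request -m limit --limit 1/second --limit-burst 5 -j ACCEPT
    # Requests over the limit are dropped here instead of falling through to policy.
    ipt -A ICMP -p icmp --icmp-type echo-request -j DROP
    # Error types needed for path-MTU discovery and for our own outbound flows,
    # but only when conntrack ties them to a connection we already have.
    for t in destination-unreachable time-exceeded parameter-problem; do
        ipt -A ICMP -p icmp --icmp-type "$t" -m state --state RELATED -j ACCEPT
    done
    # Echo replies only for pings this host originated.
    ipt -A ICMP -p icmp --icmp-type echo-reply -m state --state ESTABLISHED -j ACCEPT
    # Every other ICMP type (redirects, router advertisements, ...) is dropped.
    ipt -A ICMP -j DROP
    # Hand all inbound ICMP to the chain.
    ipt -A INPUT -p icmp -j ICMP
}

# Number of -A rules a dry run would install; lets the script be checked
# without root before it is applied.
count_rules() {
    (DRY_RUN=1; apply_icmp_rules) | grep -c '^iptables -A'
}
```

After applying, `iptables -L ICMP -v -n` shows per-rule packet counters, so a ping flood shows up as a rising count on the echo-request DROP line rather than on the ACCEPT line above it.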