* Jean-Marc Boursot <[EMAIL PROTECTED]> [010406 21:09]:
> They allow telnet and not ssh? Nice!

yeah, afraid of the port-forwarding capabilities in ssh. i can see their
point but i'm just as leery of clear-text transmission. oh, well.

> So you can turn it off.

should have thought of that myself. :)

> What about portmap? You can turn it off too and filter port 25 if
> you have a mail daemon running. In fact, you can drop all external tcp
> connections to ports below 1024 (except 23), and drop all SYN
> connections to ports above 1024. You can also filter ICMP. Check
> gShield (http://linuxmafia.org/~godot/gshield.html): it has very
> restrictive rules.

i've already disabled portmap and mail daemon too. i guess i should look
into setting up a firewall on my debian box. i already have iptables
installed. just need to recompile my kernel to support it. i just keep
thinking that it's overkill to have my hw firewall and then another
firewall set up in software on my box.

thanks for the advice,
vinh
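
The filtering policy quoted in the message above, written out as a generator for an iptables-restore ruleset; this is an added example, not part of the original thread and not taken from gShield. The interface name, treating port 1024 itself as a high port, and limiting the ICMP filter to echo-request are assumptions.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for the host policy
# described in the quoted advice:
#   - keep telnet (tcp/23) reachable
#   - drop all other inbound tcp to privileged ports (below 1024)
#   - drop inbound SYNs to high ports, so outside hosts cannot open new
#     connections there while replies to outbound connections still pass
#   - filter ICMP
# Assumptions (not stated in the thread): the external interface name,
# port 1024 counted with the high ports, ICMP filter = echo-request only.

gen_rules() {
    ext_if="${1:-eth0}"    # assumed external interface name
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i $ext_if -p tcp --dport 23 -j ACCEPT
-A INPUT -i $ext_if -p tcp --dport 0:1023 -j DROP
-A INPUT -i $ext_if -p tcp --dport 1024:65535 --syn -j DROP
-A INPUT -i $ext_if -p icmp --icmp-type echo-request -j DROP
COMMIT
EOF
}

# Rule order matters: iptables stops at the first matching rule, so the
# ACCEPT for port 23 must come before the DROP covering ports 0-1023.
# Returns 0 when the generated ruleset has them in that order.
telnet_rule_precedes_drop() {
    rules="$(gen_rules "$1")"
    accept_line=$(printf '%s\n' "$rules" | grep -n -- '--dport 23 -j ACCEPT' | cut -d: -f1)
    drop_line=$(printf '%s\n' "$rules" | grep -n -- '--dport 0:1023 -j DROP' | cut -d: -f1)
    [ -n "$accept_line" ] && [ -n "$drop_line" ] && [ "$accept_line" -lt "$drop_line" ]
}

# Typical use, as root, once the kernel has netfilter support:
#   gen_rules eth0 | iptables-restore --test   # parse only, change nothing
#   gen_rules eth0 | iptables-restore          # load the rules
```

The ruleset is stateless, matching the advice as given: only the SYN flag separates new inbound connections from return traffic on the high ports.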