>Why, exactly? AFAIK, there are very few services that listen on
>ports >= 1024. So if you disable those services or block those
>specific high ports, what's the harm in letting the rest in by
>default?
Well, I'm worried about the big ones. For example:
# PPTP - reject
/sbin/ipfwadm -O -a reject -W $extif -P tcp -S $extip/32 -D $universe/0 1723 -o
/sbin/ipfwadm -O -a reject -W $extif -P udp -S $extip/32 -D $universe/0 1723 -o
# Remote Winsock - Reject
/sbin/ipfwadm -O -a reject -W $extif -P tcp -S $extip/32 -D $universe/0 1745 -o
/sbin/ipfwadm -O -a reject -W $extif -P udp -S $extip/32 -D $universe/0 1745 -o
# NFS - Reject
/sbin/ipfwadm -O -a reject -W $extif -P tcp -S $extip/32 -D $universe/0 2049 -o
/sbin/ipfwadm -O -a reject -W $extif -P udp -S $extip/32 -D $universe/0 2049 -o
# PcAnywhere - Reject
/sbin/ipfwadm -O -a reject -W $extif -P tcp -S $extip/32 -D $universe/0 5631 -o
/sbin/ipfwadm -O -a reject -W $extif -P udp -S $extip/32 -D $universe/0 5631 -o
/sbin/ipfwadm -O -a reject -W $extif -P tcp -S $extip/32 -D $universe/0 5632 -o
/sbin/ipfwadm -O -a reject -W $extif -P udp -S $extip/32 -D $universe/0 5632 -o
# Xwindows - Deny
/sbin/ipfwadm -O -a reject -W $extif -P tcp -S $extip/32 -D $universe/0 6000 -o
/sbin/ipfwadm -O -a reject -W $extif -P udp -S $extip/32 -D $universe/0 6000 -o
--David
.----------------------------------------------------------------------------.
| David A. Ranch - Linux/Networking/PC hardware [EMAIL PROTECTED] |
!---- ----!
`----- For more detailed info, see http://www.ecst.csuchico.edu/~dranch -----'
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
For daily digest info, email [EMAIL PROTECTED]
