"Bjornson, Matt" wrote:
> I did not see anything there about letting mail and web services
> through...any ideas?  I simply copy and save this to rc.local?

Sure, set:
PARANOID_DEV="eth1"
PARANOIA_ALLOWS_PORTS="25 80"

Assuming that eth1 is the publicly available ethernet device.  This will
close all ports < 1024 and 6000-6010 on that interface, except for 25
and 80, which will remain open.

I suggest allowing ports "22 25 80 443", so that you can also access the
machine via ssh and https, but only if you run those services.

I'd install the script as /etc/rc.d/rc.firewall, and add:
sh /etc/rc.d/rc.firewall
to the end of /etc/rc.d/rc.local

MSG
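
Added example, not part of the original message and not the firewall script it refers to: a sketch of how the two settings above could translate into packet-filter rules, with the exceptions listed before the blocks. The use of iptables, the INPUT chain, TCP-only exceptions and the `gen_rules` helper are assumptions; the function only prints the rules, it does not apply them.

```bash
#!/bin/bash
# Added illustration: prints iptables rules, never runs iptables.
# Variable names come from the message; the iptables form is an assumption.
PARANOID_DEV="eth1"
PARANOIA_ALLOWS_PORTS="22 25 80 443"

# gen_rules DEV "PORT PORT ..."  (hypothetical helper)
# Prints one rule per line. Returns 1 on a missing interface or bad port.
gen_rules() {
    local dev="$1" ports="$2" p proto range
    [ -n "$dev" ] || { echo "no interface given" >&2; return 1; }
    # Validate the whole allow-list first so a typo yields no partial rule set.
    for p in $ports; do
        case "$p" in
            ''|*[!0-9]*) echo "invalid port: $p" >&2; return 1 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "port out of range: $p" >&2; return 1
        fi
    done
    # Exceptions go first: the first matching rule decides the packet's fate.
    for p in $ports; do
        echo "iptables -A INPUT -i $dev -p tcp --dport $p -j ACCEPT"
    done
    # Then close everything below 1024 and the X11 range 6000-6010.
    for proto in tcp udp; do
        for range in 0:1023 6000:6010; do
            echo "iptables -A INPUT -i $dev -p $proto --dport $range -j DROP"
        done
    done
}

gen_rules "$PARANOID_DEV" "$PARANOIA_ALLOWS_PORTS"
```

Reviewing the printed rules before loading them shows exactly which ports stay reachable on the public interface.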

