[CLUE-Tech] More firewalling questions...
Brandon N
bneill at yahoo.com
Thu Feb 15 20:20:19 MST 2001
If you're running a BIND server, the source port is 53, not the
destination.
>
> ipchains -A output -i $EXTERNAL_INTERFACE -p tcp \
> -s $IPADDR $UNPRIVPORTS \
> -d $ANYWHERE 53 -j ACCEPT
>
What you're saying here is that anything from your unprivileged ports
can connect to port 53. What about a rule saying anything from your
port 53 can get out?
> ipchains -A input -i $EXTERNAL_INTERFACE -p tcp ! -y \
> -s $ANYWHERE 53 \
> -d $IPADDR $UNPRIVPORTS -j ACCEPT
I'm not quite sure I understand why you're using the -y.
Brandon
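
A small model of the two quoted TCP rules, added here as an illustration and not part of the original message: it shows which packets they accept when the host acts as a DNS client and when it runs a BIND server. It assumes $UNPRIVPORTS is 1024:65535, uses constructed addresses and packets, and ignores the interface match.

```python
from dataclasses import dataclass

IPADDR = "192.0.2.10"          # constructed address standing in for $IPADDR
REMOTE = "198.51.100.7"        # constructed remote host
UNPRIV = range(1024, 65536)    # assumed value of $UNPRIVPORTS (1024:65535)

@dataclass
class Pkt:
    chain: str                 # "input" or "output"
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset = frozenset()   # TCP flags set on the segment

def syn_only(p):
    # ipchains -y matches SYN set with ACK and FIN cleared
    return "SYN" in p.flags and not ({"ACK", "FIN"} & p.flags)

def accepted(p):
    """True if one of the two quoted TCP rules ACCEPTs the packet."""
    if p.chain == "output":    # -s $IPADDR $UNPRIVPORTS -d $ANYWHERE 53
        return p.src == IPADDR and p.sport in UNPRIV and p.dport == 53
    if p.chain == "input":     # ! -y -s $ANYWHERE 53 -d $IPADDR $UNPRIVPORTS
        return (not syn_only(p) and p.sport == 53
                and p.dst == IPADDR and p.dport in UNPRIV)
    return False

SAMPLES = {  # constructed packets
    "client query out":   Pkt("output", IPADDR, 40000, REMOTE, 53, frozenset({"SYN"})),
    "client reply in":    Pkt("input", REMOTE, 53, IPADDR, 40000, frozenset({"SYN", "ACK"})),
    "syn from port 53":   Pkt("input", REMOTE, 53, IPADDR, 40000, frozenset({"SYN"})),
    "query to our BIND":  Pkt("input", REMOTE, 40000, IPADDR, 53, frozenset({"SYN"})),
    "our BIND answering": Pkt("output", IPADDR, 53, REMOTE, 40000, frozenset({"SYN", "ACK"})),
}

def evaluate():
    return {name: accepted(p) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, ok in evaluate().items():
        print(f"{name:20} {'ACCEPT' if ok else 'no match'}")
```

"No match" only means these two rules do not accept the packet; it then falls through to whatever later rules or chain policy the full ruleset defines.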