[CLUE-Tech] More firewalling questions...
Timothy C. Klein
teece at silverklein.net
Thu Feb 15 21:56:07 MST 2001
I was wondering about the -y connection flag, too. Also, on older
versions of bind, I seem to recall reading that it uses port 53 even for
outbound traffic, thus from anywhere port 53 TO mymachine port 53 is a
possibility.
Tim
On Thu, Feb 15, 2001 at 07:20:19PM -0800, Brandon N wrote:
> if you're running a bind server, the source port is 53, not the
> destination
>
>
>
> >
> > ipchains -A output -i $EXTERNAL_INTERFACE -p tcp \
> > -s $IPADDR $UNPRIVPORTS \
> > -d $ANYWHERE 53 -j ACCEPT
> >
> What you're saying here is that anything from your unprivileged ports
> can connect to port 53, what about a rule saying anything from your
> port 53 can get out?
>
>
> > ipchains -A input -i $EXTERNAL_INTERFACE -p tcp ! -y \
> > -s $ANYWHERE 53 \
> > -d $IPADDR $UNPRIVPORTS -j ACCEPT
>
> I'm not quite sure I understand why you're using the -y
>
> Brandon
--
===================================================================
== Timothy Klein || And what rough beast ==
== teece at hypermall.net || Its hour come round at last ==
== Aufwiedersehen! || Slouches towards Bethlehem to be born? ==
== Aufwiedersehen! || The beast of Redmond, nothing more. ==
===================================================================
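
Added example, not part of the original thread: a small Python model of the two quoted TCP rules, showing which packets `! -y` lets through and which fall to the chain policy. The addresses, `$UNPRIVPORTS` as 1024:65535 and a default DENY policy are assumptions, since the thread does not give them.

```python
# Model of the two quoted ipchains TCP rules. Assumptions (not on the page):
# UNPRIVPORTS = 1024:65535, IPADDR = 192.0.2.10, chain policy DENY.
from collections import namedtuple

Packet = namedtuple("Packet", "chain src sport dst dport flags")

IPADDR = "192.0.2.10"          # constructed sample address
UNPRIV = range(1024, 65536)    # assumed value of $UNPRIVPORTS
DNS = range(53, 54)


def is_syn(flags):
    """ipchains -y: SYN set, ACK and FIN clear (a connection request)."""
    return "SYN" in flags and not ({"ACK", "FIN"} & set(flags))


# (chain, source ip or None, source ports, dest ip or None, dest ports, syn)
# syn is None for "don't care" and False for "! -y".
RULES = [
    ("output", IPADDR, UNPRIV, None, DNS, None),
    ("input", None, DNS, IPADDR, UNPRIV, False),
]


def verdict(pkt):
    """Return ACCEPT if a rule matches, else the assumed DENY policy."""
    for chain, src, sports, dst, dports, syn in RULES:
        if (pkt.chain == chain
                and src in (None, pkt.src) and pkt.sport in sports
                and dst in (None, pkt.dst) and pkt.dport in dports
                and (syn is None or is_syn(pkt.flags) == syn)):
            return "ACCEPT"
    return "DENY"


REMOTE = "198.51.100.53"       # constructed remote name server
SAMPLES = {
    "client query SYN": Packet("output", IPADDR, 40000, REMOTE, 53, {"SYN"}),
    "reply SYN+ACK": Packet("input", REMOTE, 53, IPADDR, 40000, {"SYN", "ACK"}),
    "inbound SYN from port 53": Packet("input", REMOTE, 53, IPADDR, 6000, {"SYN"}),
    "server reply from local 53": Packet("output", IPADDR, 53, REMOTE, 40000, {"ACK"}),
    "53 to 53 exchange": Packet("input", REMOTE, 53, IPADDR, 53, {"ACK"}),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:28} {verdict(pkt)}")
```

In this model the reply to an outbound lookup is accepted because it is not a bare SYN, while a new connection sourced from remote port 53 is denied; the local-port-53 and 53-to-53 cases raised in the thread match neither rule.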