[H-GEN] local dns only

Sandra Milne silne at optusnet.com.au
Thu Dec 5 07:19:40 EST 2002


> > The easiest way perhaps is to firewall the port...
> >
> >   iptables -I INPUT -p tcp --syn --dport 53 -j DROP
> >   iptables -I INPUT -p udp --dport 53 -m state --state NEW -j DROP
> >
> > (or similar rules that do the same thing)
>
>Oops sorry, I had meant to add "-i eth0" to both of those rules,
>where that interface is the one on the internet side of your
>firewall.

Thanks I kinda figured that one out. I'm now blocking all ports except ssh 
that were previously open to the world. I had a friend portscan me earlier 
tonight and to my dismay I had several open ports that I hadn't realised 
were there. I couldn't for the life of me work out how to close port 515 
(something to do with printers and I don't even have one) but I was able to 
modify your posted rules to block that too. So far none of the ports I've 
blocked have stopped me doing anything on the internet, and our cable 
connection is faster than it ever was!

thanks heaps!

Sandra.

silne at optusnet.com.au
http://members.optushome.com.au/silne
"[The Starships Enterprise] are like bra sizes; when you go up a letter
they get bigger and more impressive."
             -- Kewl Quote from Slashdot Post. 
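
A local counterpart to the outside portscan mentioned above, as an added example that is not part of the original message: it reads `ss -H -tuln` output and prints (without applying) a DROP rule in the quoted form, with `-i` added, for every IPv4 listener not bound to loopback. The function names, the `eth0` interface, the allow-list of port 22 and the sample socket lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: turn a listening-socket listing into candidate DROP rules.
# Rules are only printed, never applied; review them before use.

# Constructed sample of `ss -H -tuln` output (not taken from a real host).
sample_ss() {
cat <<'EOF'
udp   UNCONN 0      0            0.0.0.0:53         0.0.0.0:*
tcp   LISTEN 0      5            0.0.0.0:515        0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      10         127.0.0.1:25         0.0.0.0:*
tcp   LISTEN 0      10           0.0.0.0:53         0.0.0.0:*
tcp   LISTEN 0      128             [::]:22            [::]:*
EOF
}

# exposed_rules IFACE "ALLOWED_TCP_PORTS"
#   stdin: lines in `ss -H -tuln` format
#   stdout: one iptables command per exposed proto/port pair
exposed_rules() {
    awk -v iface="$1" -v allow="$2" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) keep[a[i]] = 1 }
    {
        proto = $1; sock = $5
        port = sock; sub(/.*:/, "", port)                 # text after the last colon
        addr = substr(sock, 1, length(sock) - length(port) - 1)
        if (addr ~ /^127\./ || addr == "[::1]") next      # loopback-only listener
        if (addr ~ /^\[/) next                            # IPv6 would need ip6tables
        if (proto == "tcp" && (port in keep)) next        # deliberately left open
        if (seen[proto "/" port]++) next                  # one rule per proto/port
        if (proto == "tcp")
            printf "iptables -I INPUT -i %s -p tcp --syn --dport %s -j DROP\n", iface, port
        else if (proto == "udp")
            printf "iptables -I INPUT -i %s -p udp --dport %s -m state --state NEW -j DROP\n", iface, port
    }'
}

# On a real host: ss -H -tuln | exposed_rules eth0 "22"
sample_ss | exposed_rules eth0 "22"
```

A listener that shows up here unexpectedly, such as the one on port 515, is also worth tracing to its service and disabling there, so the firewall rule is a second layer rather than the only one.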