Request for help: Debian firewall, and maybe some kernel upgrade tips
Jack
quiet_celt at yahoo.com
Fri Apr 15 11:04:22 CDT 2005
--- Brad wrote:
> The default policy for the Output chain is usually ACCEPT, so there is
> no need to open outbound ports specifically. The ACCEPT statement on
> the ESTABLISHED,RELATED line will allow connections to the unprivileged
> ports since they are related to the connection on port 21. I believe
> ip_conntrack_ftp helps with this.
Right, I went back and looked at Chris's post. I thought he set in and
out to default to drop, which he didn't.
Thanks for clarifying the ESTABLISHED,RELATED context. I've wondered
about that before. So that way you can, on a server, not open the
unprivileged ports globally, but allow each connection to open those
ports. That's much better.
Brian D.
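
An added example, not part of the original message: a simplified Python model of the behaviour discussed above, where the FTP helper reads the passive-mode reply on the port 21 control channel and only that client's data connection is classified RELATED. The class and function names, the documentation-range addresses and the port numbers are constructed, and the model is a simplification of netfilter connection tracking, not kernel code.

```python
import re

# Rules modelled on the server's INPUT chain (default policy DROP):
#   -m state --state ESTABLISHED,RELATED -j ACCEPT
#   -p tcp --dport 21 -m state --state NEW -j ACCEPT
PASV_RE = re.compile(r"^227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

class Conntrack:
    def __init__(self, ftp_helper=True):
        self.ftp_helper = ftp_helper   # stands in for ip_conntrack_ftp being loaded
        self.flows = set()             # accepted (client_ip, client_port, server_port)
        self.expected = set()          # (client_ip, server_port) announced on a control channel

    def inbound(self, client_ip, client_port, server_port):
        """Return (state, verdict) for a packet arriving at the server."""
        flow = (client_ip, client_port, server_port)
        if flow in self.flows:
            return "ESTABLISHED", "ACCEPT"
        if (client_ip, server_port) in self.expected:
            self.expected.discard((client_ip, server_port))  # one connection per expectation
            self.flows.add(flow)
            return "RELATED", "ACCEPT"
        if server_port == 21:
            self.flows.add(flow)
            return "NEW", "ACCEPT"
        return "NEW", "DROP"           # no rule matched: falls through to the DROP policy

    def control_reply(self, client_ip, client_port, line):
        """Server reply on the control channel; the helper inspects it for a data port."""
        m = PASV_RE.match(line)
        if self.ftp_helper and m and (client_ip, client_port, 21) in self.flows:
            self.expected.add((client_ip, int(m.group(5)) * 256 + int(m.group(6))))

def demo(ftp_helper):
    """Replay one constructed passive-mode session and return the verdicts in order."""
    ct = Conntrack(ftp_helper)
    log = [ct.inbound("198.51.100.7", 40000, 21)]         # client opens the control channel
    # Constructed reply: data port is 195 * 256 + 80 = 50000
    ct.control_reply("198.51.100.7", 40000, "227 Entering Passive Mode (192,0,2,10,195,80)")
    log.append(ct.inbound("203.0.113.9", 41000, 50000))   # different host, same high port
    log.append(ct.inbound("198.51.100.7", 40001, 50000))  # the client's data connection
    log.append(ct.inbound("198.51.100.7", 40001, 50000))  # later packet on that connection
    return log

if __name__ == "__main__":
    for helper in (True, False):
        print("ftp helper loaded:", helper, demo(helper))
```

With the helper modelled as absent, the same data connection is only ever NEW to a high port and falls through to DROP, which is the situation that tempts people to open the unprivileged range globally.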