Re: [Sheflug] ipchains & kde
On Thu, 13 Jul 2000, ross wrote:
>hi all,
>after reading the latest edition of linux format, i've been trying to set up a
>firewall using ipchains using the suggested rules. just something simple to get
>me started with firewalls. problem is that when the rules I'm using are
>implemented, KFM will no longer read the / directory? if a directory location is
>specified, there is no problem. moving 'up one level' also works okay until /
>is reached. if / is accessed, the whole x session locks up.
>
>the rules i am using are:
>ipchains -A input -p tcp -d 0/0 0:1023 -j DENY
>ipchains -A input -p udp -d 0/0 0:1023 -j DENY
>ipchains -A input -p tcp ! -y -j ACCEPT
>
>i believe the idea is to close all ports which require a root service and only
>allow packets with the SYN flag enabled through.
Errr no! The last rule is actually accepting any _non_ SYN packets.
A couple of suggestions.
1. You have to allow all packets on the interface lo or your computer won't be
able to talk to itself.
2. Don't have rules for all interfaces like this. Limit your rules to one (ppp0 is what you want).
3. The ipchains howto is actually very good. Read it.
4. Take a look at my generic firewall at www.noether.freeserve.co.uk
Good luck!
atb
Martin
--
http://www.shef.ac.uk/~pm1mph
---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
To unsubscribe from this list send mail to
- <sheflug-request [at] vuw.ac.nz> - with the word
"unsubscribe" in the body of the message.
GNU the choice of a complete generation.
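
An added example, not part of the original thread and not Martin's firewall script: a small Python model of first-match evaluation on the ipchains input chain, showing what the posted rules do to loopback traffic and to non-SYN packets, next to a variant with points 1 and 2 of the reply applied. The packets, the port numbers used with it, and the ACCEPT default chain policy are assumptions made for the illustration.

```python
# Added illustration: first-match model of an ipchains "input" chain.
# Packets, ports and the chain policy are constructed for this example.
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass
class Packet:
    iface: str
    proto: str
    dport: int
    syn: bool = False  # True only for a TCP connection-opening packet

@dataclass
class Rule:
    target: str
    proto: Optional[str] = None
    dports: Optional[Tuple[int, int]] = None
    iface: Optional[str] = None   # None = every interface, lo included
    syn: Optional[bool] = None    # True models "-y", False models "! -y"

    def matches(self, p: Packet) -> bool:
        return ((self.iface is None or self.iface == p.iface)
                and (self.proto is None or self.proto == p.proto)
                and (self.dports is None or self.dports[0] <= p.dport <= self.dports[1])
                and (self.syn is None or (p.proto == "tcp" and self.syn == p.syn)))

def verdict(chain, p: Packet, policy: str = "ACCEPT") -> str:
    # The first matching rule decides; otherwise the chain policy applies.
    for rule in chain:
        if rule.matches(p):
            return rule.target
    return policy

# The three rules as posted in the question (no interface given).
POSTED = [
    Rule("DENY", proto="tcp", dports=(0, 1023)),
    Rule("DENY", proto="udp", dports=(0, 1023)),
    Rule("ACCEPT", proto="tcp", syn=False),
]

# Same rules with the reply's points 1 and 2 applied: lo first, rest on ppp0.
REVISED = [
    Rule("ACCEPT", iface="lo"),
    Rule("DENY", proto="tcp", dports=(0, 1023), iface="ppp0"),
    Rule("DENY", proto="udp", dports=(0, 1023), iface="ppp0"),
    Rule("ACCEPT", proto="tcp", syn=False, iface="ppp0"),
]
```

With the posted chain, `verdict(POSTED, Packet("lo", "tcp", 111))` is DENY, and a SYN packet to a high port matches no rule at all, so only the chain policy decides its fate.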