                              Demilitarized zone

The past few days I've been reconfiguring my firewall/proxy server here at
home and I must certainly say that it's not quite as easy as I thought it
was; and that supporting FTP (File Transfer Protocol) is singularly
annoying.

Prior to my mucking about I had allowed all TCP (Transmission Control
Protocol) connections through, and then excluded the ones I didn't want,
which meant that my rules (and I'm using ipfwadm here) looked like:


ipfwadm -I -a reject -P tcp -W eth1 -D $IP 1:19
ipfwadm -I -a reject -P tcp -W eth1 -D $IP 23:24
ipfwadm -I -a reject -P tcp -W eth1 -D $IP 26:79


And so on. Made it hard to see what ports I did support (and I stopped at
1022 because it seems that Linux 2.0 starts handing out ports at 1023 even
though it's supposed to start at 1024, but that's another story), and I had to
make sure I blocked services on high ports like Squid [1], and I wanted to
block ports that stuff like Back Orifice [2] uses (not that I'm really worried
it'll attack me, but it's always nice to see attempts).
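To make the difference between the two approaches concrete, here is an added example (my own code, not from the original post) that takes the three reject ranges quoted above, works out which ports they actually leave open, and emits the equivalent default-deny rule set in ipfwadm syntax. The port span 1:79 and the interface/address placeholders are taken from the post; the use of `ipfwadm -I -p deny` to set the default input policy is from my recollection of the ipfwadm man page and is an assumption, as is the helper naming.

```python
# Added example: convert between a deny-list of port ranges (the post's original
# style) and an allow-list of ports (the default-deny style the post moved to).
# Nothing here touches the kernel; it only builds the rule strings.

IP = "$IP"        # placeholder taken from the post's own rules
IFACE = "eth1"    # interface name from the post

# The three reject rules quoted in the post, as (low, high) inclusive ranges.
POST_REJECT_RANGES = [(1, 19), (23, 24), (26, 79)]


def reject_ranges_to_allowed(ranges, low=1, high=79):
    """Return the sorted list of ports in [low, high] that no reject range covers.

    This is the set of services the deny-list actually exposes, which is the
    thing the post complains is hard to read off the original rules.
    """
    blocked = set()
    for a, b in ranges:
        blocked.update(range(a, b + 1))
    return [p for p in range(low, high + 1) if p not in blocked]


def allowed_to_reject_ranges(allowed, low=1, high=79):
    """Inverse operation: the deny-list ranges that block everything except `allowed`."""
    allowed = set(allowed)
    ranges = []
    start = None
    # Walk one past `high` so a trailing run of blocked ports is flushed.
    for p in range(low, high + 2):
        if p <= high and p not in allowed:
            if start is None:
                start = p
        elif start is not None:
            ranges.append((start, p - 1))
            start = None
    return ranges


def deny_list_rules(ranges):
    """ipfwadm rules in the post's original style: allow by default, reject ranges."""
    return [
        f"ipfwadm -I -a reject -P tcp -W {IFACE} -D {IP} {a}:{b}"
        for a, b in ranges
    ]


def default_deny_rules(allowed):
    """ipfwadm rules in allow-list style: deny by default, accept named ports.

    With a deny default there is no longer any need to enumerate high ports
    (Squid, Back Orifice, ...) one by one; anything not listed is dropped.
    Assumption: `-p deny` sets the default policy for the input chain.
    """
    rules = ["ipfwadm -I -p deny"]
    for p in sorted(allowed):
        rules.append(f"ipfwadm -I -a accept -P tcp -W {IFACE} -D {IP} {p}")
    return rules


if __name__ == "__main__":
    allowed = reject_ranges_to_allowed(POST_REJECT_RANGES)
    print("ports the post's reject rules leave open:", allowed)
    print("\n# deny-list style (original):")
    print("\n".join(deny_list_rules(POST_REJECT_RANGES)))
    print("\n# allow-list style (default deny):")
    print("\n".join(default_deny_rules(allowed)))
```

Running it shows that the three reject ranges leave exactly ports 20, 21, 22 and 25 open below 80 (FTP data/control, SSH and SMTP), and that the allow-list form states that in four lines plus the default policy, with no per-service blocking of high ports required.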

So I started mucking around.

And I'm still fine tuning everything. As Rob [3] pointed out, I'm turning
into a paranoid sysadmin.

Sigh.

But it is easier to see what I'm letting through.

[1] http://www.squid-cache.org/
[2] http://www.bo2k.com/
[3] http://www.tragic-smurfs.com/