TCLUG Archive

Re: [TCLUG:5658] starting ipchains



This breaks ssh. Anyone know what port other than 22 ssh needs to properly
connect?

Thanks,

Ben

On Thu, 29 Apr 1999, Ben Luey wrote:

> Attached is the beginning of my ipchains. It is meant for a single
> computer doing no routing or masquerading, but if you are doing routing
> and masq, I think you will only need to change
> YOURIP=137.22.65.56
> to 
> YOURIP=137.22.65.56/8  or whatever your network range is
> 
> and add rules for the other interface.
> 
> I originally had ipchains deny all ports by default instead of 1:1023, but
> this killed all access. What ports must I leave open in the input chain
> and what outside of 1:1023 can I close? I noticed that netstat lists
> a good amount of other ports (7000, etc.). Are there other ranges I can
> kill, or can I kill by default, or is there just one or two ports I must
> keep open and I can kill the rest?
> 
> Later I'll have the first rule kill all access and so you won't have bad
> rules while this is loading.
> 
> Thanks,
> 
> Ben
> 
> 
> 
> Ben Luey
> lueyb@carleton.edu
> ICQ: 19144397
> 
> Modern computerized word processing enables us, both as individuals and as a
> cohesive societal entity, to exponentially enhance and aggrandize the 
> parameters, both qualitative and quantitative, not to mention paradigmatic, of 
> our communicative conceptualizations because now we can spell great big words
> correctly without having a clue what they mean.  -- Dave Barry
> 

Ben Luey
lueyb@carleton.edu
ICQ: 19144397

The world will not evolve past its current state of crisis by using the same
thinking that created the situation.
       -- Albert Einstein