Re: [SLUG] Question about firewalls and ports.

From: Paul M Foster (paulf@quillandmouse.com)
Date: Tue Apr 23 2002 - 18:45:17 EDT


On Tue, Apr 23, 2002 at 04:49:26PM -0700, William Reed Coulter wrote:

> That is great but how do I block them from being used? I know that the
> firewall can be set up to block stuff but do I have to specify all the ports
> or just the ones that I want to go in and out?
>

If you're setting up firewall rules, they work in sequence. You can set
up rules that accept traffic on one or more ports first, and then later
on have rules that block everything else. The "everything else" can be
as simple as "drop everything that comes in to this IP address, don't
care what port it is." As your firewall looks at the traffic, it checks
each rule in turn to see if the traffic fits that rule. If it hits the
"accept" rules first (and satisfies them), it gets accepted. If it hits
those rules but doesn't satisfy them (as in, it's on a port you didn't
specify as accepting), it falls through to the "kill the rest" rules.

So no, you don't have to specify everything. Just say, "accept this,
this and this", and then "throw away the rest".

Paul
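
The rule ordering described in the message above, as an added example that is not part of the original post: a small first-match evaluator in Python, plus a check for rules that can never fire because an earlier rule already covers them. The `Rule` model, the address 192.0.2.10, the ports and the fall-back policy are constructed assumptions, not any particular firewall's syntax.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                     # "ACCEPT" or "DROP"
    dst_ip: Optional[str] = None    # None matches any destination address
    dst_port: Optional[int] = None  # None matches any destination port

    def matches(self, dst_ip, dst_port):
        return (self.dst_ip in (None, dst_ip)
                and self.dst_port in (None, dst_port))

    def covers(self, other):
        """True if every packet matching `other` also matches this rule."""
        return (self.dst_ip in (None, other.dst_ip)
                and self.dst_port in (None, other.dst_port))

def evaluate(rules, dst_ip, dst_port, default="ACCEPT"):
    """Check rules in order; the first match decides.
    Returns (action, index of the deciding rule, or None if nothing matched)."""
    for i, rule in enumerate(rules):
        if rule.matches(dst_ip, dst_port):
            return rule.action, i
    return default, None  # assumed fall-back policy when no rule matches

def shadowed(rules):
    """Indexes of rules that can never fire because an earlier rule covers them."""
    return [j for j, later in enumerate(rules)
            if any(earlier.covers(later) for earlier in rules[:j])]

HOST = "192.0.2.10"  # constructed documentation address

# "accept this, this and this", then "throw away the rest"
GOOD = [Rule("ACCEPT", HOST, 22), Rule("ACCEPT", HOST, 80), Rule("DROP", HOST)]
# Same rules with the catch-all first: the accept rules are never reached
BAD = [Rule("DROP", HOST), Rule("ACCEPT", HOST, 22), Rule("ACCEPT", HOST, 80)]

if __name__ == "__main__":
    for name, rules in (("GOOD", GOOD), ("BAD", BAD)):
        for port in (22, 80, 23):
            print(name, port, evaluate(rules, HOST, port))
        print(name, "shadowed rules:", shadowed(rules))
```
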



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 20:28:19 EDT