> # Normal services
> # FTP
> -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT

You probably want to allow port 20 also for passive ftp?

> # Unprivileged ports inserted by Virtuozzo. Why?
> -A INPUT -p tcp -m tcp --dport 32768:65535 -j ACCEPT
> -A INPUT -p udp -m udp --dport 32768:65535 -j ACCEPT

Active ftp data channel tends to use a random high port. In any case,
you probably don't have anything exploitable (or anything at all)
running higher than 1024.

I see that you're filtering your output traffic as well. What's the
reason for this, concern about someone trojaning (verbing weirds
language) the machine?

--
something = cheese(manatee){ begin learjet.each |mustard| do cthulhu{ mustard } end rescue yield ensure return end }
http://www.gnu.org/philosophy/shouldbefree.html

-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked Knowledge Systems (NKS). Views and opinions expressed in messages posted are those of the author and do not necessarily reflect the official policy or position of NKS or any of its employees.
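
As an added example (not part of the original message or the poster's ruleset): a small Python audit that parses iptables-save style lines, flags INPUT ACCEPT rules opening a wide destination-port range such as the 32768:65535 rules quoted above, and lists which local listeners those ranges leave reachable. The listener list, the `WIDE_RANGE` threshold and the function names are assumptions made for the illustration.

```python
import shlex

# Constructed sample: the rules quoted in the message, as iptables-save lines.
SAMPLE_RULES = """\
# FTP
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 32768:65535 -j ACCEPT
-A INPUT -p udp -m udp --dport 32768:65535 -j ACCEPT
"""
# Constructed sample of local listeners as (protocol, port); not from the message.
SAMPLE_LISTENERS = [("tcp", 21), ("tcp", 22), ("tcp", 40001), ("udp", 32768)]

WIDE_RANGE = 1024  # assumption: spans at least this wide deserve review


def parse_rule(line):
    """Return a dict for a non-negated '-A' rule carrying --dport, else None."""
    tok = shlex.split(line, comments=True)
    if len(tok) < 2 or tok[0] != "-A" or "!" in tok:
        return None
    opts = {tok[i]: tok[i + 1] for i in range(2, len(tok) - 1)
            if tok[i] in ("-p", "--dport", "-j")}
    if "--dport" not in opts:
        return None
    lo, sep, hi = opts["--dport"].partition(":")
    try:
        first = int(lo) if lo else 0                         # ":N" means 0..N
        last = int(hi) if hi else (65535 if sep else first)  # "N:" means N..65535
    except ValueError:                                       # service names are skipped
        return None
    return {"chain": tok[1], "proto": opts.get("-p"), "first": first,
            "last": last, "target": opts.get("-j")}


def wide_accepts(rules_text, wide=WIDE_RANGE):
    """List INPUT ACCEPT rules whose destination-port span is at least `wide` ports."""
    hits = []
    for lineno, line in enumerate(rules_text.splitlines(), 1):
        r = parse_rule(line)
        if r and r["chain"] == "INPUT" and r["target"] == "ACCEPT" \
                and r["last"] - r["first"] + 1 >= wide:
            hits.append((lineno, r["proto"], r["first"], r["last"]))
    return hits


def reachable_listeners(hits, listeners):
    """Listeners that fall inside any wide ACCEPT range for the same protocol."""
    return [(p, port) for p, port in listeners
            if any(p == hp and lo <= port <= hi for _, hp, lo, hi in hits)]


if __name__ == "__main__":
    hits = wide_accepts(SAMPLE_RULES)
    print(hits, reachable_listeners(hits, SAMPLE_LISTENERS))
```

On a live host the listener list would come from the socket table rather than a constant, and the rules text from `iptables-save` output.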