used [Thanks, Solved]
Reply-To:
In-Reply-To: <466D96C7.70904@shorewall.net>
X-Operating-System: GNU/Linux on a i686

Tom Eastep <teastep@shorewall.net> wrote:
| mess-mate wrote:
| > Tom Eastep <teastep@shorewall.net> wrote:
| > | mess-mate wrote:
| > | > Tom Eastep <teastep@shorewall.net> wrote:
| > | > | mess-mate wrote:
| > | > | > Is there a way to set up the rules for closing all unused ports
| > | > | > explicitly, manually?
| > | > | > As for example in the policy at the end:
| > | > | > # THE FOLLOWING POLICY MUST BE LAST
| > | > | > all all
| > | > |
| > | > | That's exactly what that policy is intended to do.
| > | > |
| > | > Ok, so if I set it to:
| > | > all all DROP
| > | > DROP=ignore, isn't it? Why do these ports respond as 'closed'?
| > | >
| > | > If I set for example in the rules:
| > | > DROP net fw tcp 0:60
| > | > all these ports do not respond; here the 'ignore' works.
| > |
| > | What is your entire policy file?
| > |
| > loc net ACCEPT
| > loc dmz ACCEPT
| > loc $FW ACCEPT
| > loc rtr ACCEPT
| > loc all DROP info
| > $FW net ACCEPT
| > $FW dmz ACCEPT
| > $FW loc ACCEPT
| > $FW all DROP info
| > dmz net ACCEPT
| > dmz $FW ACCEPT
| > dmz loc DROP info
| > dmz all DROP info
| > net dmz ACCEPT
| > net $FW ACCEPT
|
| The above two policies are a security disaster. They make your firewall and
| your DMZ wide open to attack from the net.
|
BRRRRR.. thanks Tom, changed immediately.
Only port 80 is open for accessing the webserver in the dmz.

mess-mate
--
Don't worry. Life's too long.
-- Vincent Sardi, Jr.
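As an added check that is not part of the thread or of Shorewall itself: a small Python linter over a Shorewall-style policy file that flags the two problems discussed above, a blanket ACCEPT policy whose source is the untrusted net zone, and an "all all" catch-all that is not the last entry. The sample policy is constructed, abridged from the one posted in the thread.

```python
# Constructed sample, abridged from the policy file posted in the thread, with
# Shorewall's usual trailing catch-all added so the "must be last" check applies.
THREAD_POLICY = """\
loc   net   ACCEPT
loc   all   DROP    info
dmz   net   ACCEPT
dmz   all   DROP    info
net   dmz   ACCEPT
net   $FW   ACCEPT
all   all   DROP    info
"""

UNTRUSTED = {"net"}  # zones that must never get a blanket ACCEPT policy

def parse_policy(text):
    """Return (lineno, source, dest, policy) for each non-comment, non-blank line."""
    rows = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3:
            raise ValueError(f"line {lineno}: expected SOURCE DEST POLICY")
        rows.append((lineno, fields[0], fields[1], fields[2].upper()))
    return rows

def lint_policy(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    rows = parse_policy(text)
    findings = []
    for lineno, src, dst, policy in rows:
        if src in UNTRUSTED and policy == "ACCEPT":
            findings.append(f"line {lineno}: blanket ACCEPT from {src} to {dst}; "
                            "open individual ports in the rules file instead")
    # Shorewall applies the first matching policy, so a catch-all shadows
    # everything after it and must be the last entry.
    catchalls = [r for r in rows if r[1] == "all" and r[2] == "all"]
    if not catchalls:
        findings.append("no 'all all' catch-all policy")
    elif catchalls[0][0] != rows[-1][0]:
        findings.append(f"line {catchalls[0][0]}: 'all all' catch-all is not last; "
                        "later policies never match")
    return findings

if __name__ == "__main__":
    for finding in lint_policy(THREAD_POLICY):
        print(finding)
```

Run against the sample it reports the two net ACCEPT lines; replacing them with DROP entries, as the thread's author did, leaves no findings.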