This mail goes mainly to Tom, as he sent some Laptop configuration files to the list.

I checked the files you had sent to the list as answer to [Shorewall-users] Shorewall on a laptop

Now - Is there a specific reason why you actually lock/blacklist the following ports ?

- udp 1024:1033,1434
- tcp 57,1433,1434,2401,2745,3127,3306,3410,4899,5554,6101,8081,9898

These should IMHO be blocked by the outside world already through the default policies. Or has it rather something to do with making sure no requests go from the Laptop to the outside world through these ports ?

Thx for a hint ;)

Cheers
Joerg

--
------------------------------------------------------------------------
| Joerg Mertin : smurphy@solsys.org (Home)|
| in Forchheim/Germany : smurphy@linux.de (Alt1)|
| Stardust's LiNUX System : |
| Web: http://www.solsys.org |
------------------------------------------------------------------------
PGP Fingerprint: AF0F FB75 997B 025F 4538 5AD6 9888 5D97 170B 8B7A

-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
Joerg Mertin wrote:
>
> Now - Is there a specific reason why you actually lock/blacklist the
> following ports ?
>
> - udp 1024:1033,1434
> - tcp 57,1433,1434,2401,2745,3127,3306,3410,4899,5554,6101,8081,9898
>
> These should IMHO be blocked by the outside world already through the
> default policies. Or has it rather something to do with making sure no
> requests go from the Laptop to the outside world through these ports ?

Probes on those ports are very common. By blacklisting them (with BLACKLIST_LOG_LEVEL=""), I avoid the log clutter that would otherwise result.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Tom Eastep wrote:
> Joerg Mertin wrote:
>
>> Now - Is there a specific reason why you actually lock/blacklist the
>> following ports ?
>>
>> - udp 1024:1033,1434
>> - tcp 57,1433,1434,2401,2745,3127,3306,3410,4899,5554,6101,8081,9898
>>
>> These should IMHO be blocked by the outside world already through the
>> default policies. Or has it rather something to do with making sure no
>> requests go from the Laptop to the outside world through these ports ?
>
> Probes on those ports are very common. By blacklisting them (with
> BLACKLIST_LOG_LEVEL=""), I avoid the log clutter that would otherwise
> result.

I should add that it would be more efficient to place equivalent DROP rules at the bottom of the rules file.

    DROP    net    fw    udp    1024:1033,1434
    DROP    net    fw    tcp    \
            57,1433,1434,2401,2745,3127,3306,3410,4899,5554,6101,8081,9898

If I did that, a restart would be required to update the port list. I got in the habit of using the blacklist file because I could update the list of ports using a "shorewall refresh" which has traditionally been much faster than "shorewall restart".

With Shorewall-perl, "refresh" and "restart" take almost the same amount of time on my systems so I really should move these into the rules file.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
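Before dropping those ports silently, a practitioner usually wants to know what share of the firewall log they account for, and whether anything else would still be logged. The script below is an added example, not code from the thread or from Shorewall: it expands the port lists exactly as written in the rules above (Shorewall "lo:hi" ranges and comma lists), then classifies netfilter log lines. The log lines are constructed for the example and assume the classic "Shorewall:net2fw:DROP:" kernel log prefix with PROTO= and DPT= fields.

```python
import re
from collections import Counter

# Port specs as written in the rules file: "lo:hi" ranges and comma lists.
SILENT_UDP = "1024:1033,1434"
SILENT_TCP = "57,1433,1434,2401,2745,3127,3306,3410,4899,5554,6101,8081,9898"

def parse_ports(spec):
    """Expand a Shorewall port list ("a,b:c,d") into a set of ints."""
    ports = set()
    for item in spec.split(","):
        if ":" in item:
            lo, hi = item.split(":")
            ports.update(range(int(lo), int(hi) + 1))
        else:
            ports.add(int(item))
    return ports

SILENT = {"UDP": parse_ports(SILENT_UDP), "TCP": parse_ports(SILENT_TCP)}

# PROTO=... and DPT=... fields of a netfilter log line (\b keeps SPT= out).
FIELD = re.compile(r"\b(PROTO|DPT)=(\S+)")

def classify(line):
    """'silent' if the DROP would no longer be logged under the port list
    above, 'logged' for any other DROP, None for non-DROP lines."""
    if ":DROP:" not in line:
        return None
    fields = dict(FIELD.findall(line))
    proto, dpt = fields.get("PROTO"), fields.get("DPT")
    if proto in SILENT and dpt and int(dpt) in SILENT[proto]:
        return "silent"
    return "logged"

def summarize(lines):
    """Count how many DROP lines the silent blacklist would remove."""
    return Counter(c for c in map(classify, lines) if c)

# Constructed sample log lines (not real traffic) in Shorewall's prefix format.
SAMPLE = """\
Jan  1 00:00:01 lap kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.5 PROTO=TCP SPT=4321 DPT=1433
Jan  1 00:00:02 lap kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.5 PROTO=UDP SPT=1026 DPT=1027
Jan  1 00:00:03 lap kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.5 PROTO=TCP SPT=51000 DPT=22
Jan  1 00:00:04 lap kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.5 PROTO=UDP SPT=1434 DPT=1434
Jan  1 00:00:05 lap kernel: Shorewall:fw2net:ACCEPT:IN= OUT=eth0 SRC=192.0.2.5 DST=198.51.100.7 PROTO=TCP SPT=40000 DPT=443
""".splitlines()

if __name__ == "__main__":
    print(summarize(SAMPLE))  # Counter({'silent': 3, 'logged': 1})
```

Run it against a real syslog extract to see how much clutter the silent rules remove and which drops (here the probe to port 22) would still reach the log.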
Yeah, that was the main reason I asked - I have it in the rules config, as I don't really change the rules very often ;)

Thx for the clarification.

Cheers
Joerg

<quote who="Tom Eastep">
[...]
> I should add that it would be more efficient to place equivalent DROP
> rules at the bottom of the rules file.
>
> DROP net fw udp 1024:1033,1434
> DROP net fw tcp \
> 57,1433,1434,2401,2745,3127,3306,3410,4899,5554,6101,8081,9898
>
> If I did that, a restart would be required to update the port list. I got
> in the habit of using the blacklist file because I could update the list of
> ports using a "shorewall refresh" which has traditionally been much faster
> than "shorewall restart".
>
> With Shorewall-perl, "refresh" and "restart" take almost the same amount
> of time on my systems so I really should move these into the rules file.
>
> -Tom
> --
> Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
> Shoreline, \ http://shorewall.net
> Washington USA \ teastep@shorewall.net
> PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
>
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users

--
------------------------------------------------------------------------
| Joerg Mertin : smurphy@solsys.org (Home)|
| in Forchheim/Germany : smurphy@linux.de (Alt1)|
| Stardust's LiNUX System : |
| Web: http://www.solsys.org |
------------------------------------------------------------------------
PGP Fingerprint: AF0F FB75 997B 025F 4538 5AD6 9888 5D97 170B 8B7A