Firewall and TCP
David Cary Hart
Fedora at TQMcube.com
Wed Mar 23 14:48:26 UTC 2005
On Wed, 2005-03-23 at 07:30 -0700, Michael Marsh wrote:
> I have a hardware firewall that forwards incoming connections on port 80
> to port 22 (I can't ssh to my home box from work if I don't use port 80
> since all other outgoing ports are blocked). I am trying to build an
> additional iptables firewall on my linux box which sits behind the
> router. Obviously port 80 is open to the world and the world thinks it
> is an http port so I am getting alot of hack attempts. Is there a way to
> identify any non ssh packets and stop them in their tracks. This is
> tricky since my own ssh connection will travel to port 80 and is then
> forwarded to port 22 behind the router. Are TCP packets identified by
> port number or service type or both. Thanks in advance... I need a
> little education.
>
You can limit to a valid source IP range. I would also use swatch to
whack hackers at the first attempt. Swatch is a log watcher that can run
a script when a pattern is matched (among other things).
If you are new to IPTables, I recommend using webmin as a gui.
--
________________________________________________________________________
Kill Spam at the Source: http://www.TQMcube.com/spam_trap.htm
Today's Spam Trap Adds: http://www.TQMcube.com/BlockedToday
RBLDNSD HowTo: http://www.TQMcube.com/rbldnsd.htm
More information about the fedora-list
mailing list