[389] in linux-net channel archive
firewalls
daemon@ATHENA.MIT.EDU (John Paul Morrison)
Mon May 29 18:17:09 1995
From: John Paul Morrison <jmorriso@ConcordPacific.com>
To: linux-net@vger.rutgers.edu
Date: Mon, 29 May 1995 12:24:16 -0700 (PDT)
I want to block incoming connections to privileged ports (except for
a few cases).
However I'd like to enable OUTGOING rlogin connections, and I think I
can do this with:
this is needed because rlogin binds to a privileged port:
/sbin/ipfwadm -B -a accept -P tcp -S a.b.c.d 1:1024 -D 0.0.0.0/0 513 -b
this is to stop other stuff:
/sbin/ipfwadm -B -a reject -P tcp -S 0.0.0.0/0 -D a.b.c.d 1:1024 2049
but then someone could bind to 513 on their end and try to connect
to my machine.
How can the firewall check that the incoming packet is only for
a connection that my host initiated? (shouldn't this be possible
at least with TCP?)
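
Added example, not part of the original message: a small Python model of the two rules above, showing why the bidirectional port match alone accepts an inbound connection attempt from remote port 513, and how requiring the TCP ACK bit on the reverse direction separates replies from new connections. The addresses, the first-match rule order, the accept default and the require_ack_on_reverse parameter are assumptions made for the illustration.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport flags")

HOST = "192.0.2.10"      # constructed stand-in for a.b.c.d
REMOTE = "198.51.100.7"  # constructed remote address
PRIV = range(1, 1025)    # the post's 1:1024


def rlogin_rule(p, require_ack_on_reverse):
    """Rule 1: -S a.b.c.d 1:1024 -D 0.0.0.0/0 513 -b (matches both directions)."""
    forward = p.src == HOST and p.sport in PRIV and p.dport == 513
    reverse = p.dst == HOST and p.dport in PRIV and p.sport == 513
    if reverse and require_ack_on_reverse and "ACK" not in p.flags:
        reverse = False  # bare SYN: the remote end is opening the connection
    return forward or reverse


def block_rule(p):
    """Rule 2: -S 0.0.0.0/0 -D a.b.c.d 1:1024 2049."""
    return p.dst == HOST and (p.dport in PRIV or p.dport == 2049)


def verdict(p, require_ack_on_reverse=False):
    """First matching rule wins; unmatched packets are accepted (assumed)."""
    if rlogin_rule(p, require_ack_on_reverse):
        return "accept"
    if block_rule(p):
        return "reject"
    return "accept"


# Constructed packets: our outgoing rlogin SYN, the server's reply,
# and an unsolicited SYN sent from remote port 513 to a local privileged port.
out_syn = Packet(HOST, 1023, REMOTE, 513, {"SYN"})
reply = Packet(REMOTE, 513, HOST, 1023, {"SYN", "ACK"})
unsolicited = Packet(REMOTE, 513, HOST, 514, {"SYN"})

if __name__ == "__main__":
    for name, pkt in [("out_syn", out_syn), ("reply", reply),
                      ("unsolicited", unsolicited)]:
        print(name, "ports only:", verdict(pkt),
              "| with ACK check:", verdict(pkt, require_ack_on_reverse=True))
```

The ACK test is stateless: it rejects connection setup from outside, but it does not confirm that a matching connection exists on the host.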