12-09-2013
Basically you want to deny incoming packets that you didn't initiate? This is usually done in the router, but there are so many tutorials and howtos..
Having just that rule and a default policy of ALLOW on OUTPUT should do it though.
And yes, FORWARD should only matter if you're routing packets. It's likely not even enabled (it's a separate sysctl option)
9 More Discussions You Might Find Interesting
1. Cybersecurity
I need to set up an application to run in a script which will be running as a web server but is a database. I need to allow users to use the web server but the app must be run as root in order for the ports to be accessible. This is not a very secure environment would like to know how this could... (2 Replies)
Discussion started by: rpollard
2 Replies
2. Shell Programming and Scripting
I am trying to transpose tables listed in the format into format. Any help would be greatly appreciated.
Input:
test_data_1
1 2 90%
4 3 91%
5 4 90%
6 5 90%
9 6 90%
test_data_2
3 5 92%
5 4 92%
7 3 93%
9 2 92%
1 1 92%
...
Output:... (7 Replies)
Discussion started by: justthisguy
7 Replies
3. Programming
I've written a python program where I want to allow members of a specific group the ability to kill it, and I'm not sure how to do it. I've been looking at the setuid() and setgid() and similar functions in the os module, but haven't been able to get them to work. I can't seem to change the uid or... (1 Reply)
Discussion started by: vastcharade
1 Replies
4. Red Hat
I have encountered some problems in my school work.
Here is the question:
The server that provides the time synchronization must be configured to allow its clients to verify its authenticity using symmetric cryptography.
Much Appreciated!:) (1 Reply)
Discussion started by: wilsonljx
1 Replies
5. Homework & Coursework Questions
The server that provides the time synchronization must be configured to allow its clients to verify its authenticity using symmetric cryptography.
4. Singapore Polytechnic, Dover, Singapore,Mr Kam, and Computer Engineering
I don't think there is any coding since it is just configuring... (3 Replies)
Discussion started by: wilsonljx
3 Replies
6. Red Hat
Hi Friends,
samba for annonymouse setup but not allowing me to write when i tried to browse from windows 7 box
conf as below
#testparm
Load smb config files from /etc/samba/smb.conf
Processing section ""
Processing section ""
Processing section ""
Loaded services file OK.
Server... (0 Replies)
Discussion started by: heman96
0 Replies
7. UNIX for Dummies Questions & Answers
Hello!
I run an HP Unix system which I host oracle databases on, as well as oracle based apps used by my company. My IA department needs to scan my files to ensure I am following IA procedures and check for vulnerabilities in scripts etc. The scan is coming from corporate, and they asked for... (2 Replies)
Discussion started by: hpuxguy
2 Replies
8. AIX
As I do a ssh <nis_user>@server1 from server2, ssh prompts for certificates (as expected the first time), then it prompts for the users password, as soon as I enter the password, I get a Connection to server1 closed by remote host, and connection to server1 closed. and I disconnect back to the... (3 Replies)
Discussion started by: mrmurdock
3 Replies
9. UNIX for Advanced & Expert Users
Hello Gurus,
I want One user to su to another without allowing root access and password.
I want to run a specific command as below from user am663:
---------------------------------------------------------
sudo -u appsprj4 /home/appsrj4/scripts/start_apache.sh
-------------------
But... (6 Replies)
Discussion started by: pokhraj_d
6 Replies
IPFW(4) BSD Kernel Interfaces Manual IPFW(4)
NAME
ipfw -- IP packet filter and traffic accounting
SYNOPSIS
To compile ipfw into the kernel, place the following option in the kernel configuration file:
options IPFIREWALL
Other kernel options related to ipfw which may also be useful are:
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPFIREWALL_FORWARD
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=100
To load ipfw as a module at boot time, add the following line into the loader.conf(5) file:
ipfw_load="YES"
DESCRIPTION
The ipfw system facility allows filtering, redirecting, and other operations on IP packets travelling through network interfaces.
The default behavior of ipfw is to block all incoming and outgoing traffic. This behavior can be modified, to allow all traffic through the
ipfw firewall by default, by enabling the IPFIREWALL_DEFAULT_TO_ACCEPT kernel option. This option may be useful when configuring ipfw for
the first time. If the default ipfw behavior is to allow everything, it is easier to cope with firewall-tuning mistakes which may acciden-
tally block all traffic.
To enable logging of packets passing through ipfw, enable the IPFIREWALL_VERBOSE kernel option. The IPFIREWALL_VERBOSE_LIMIT option will
prevent syslogd(8) from flooding system logs or causing local Denial of Service. This option may be set to the number of packets which will
be logged on a per-entry basis before the entry is rate-limited.
Policy routing and transparent forwarding features of ipfw can be enabled by IPFIREWALL_FORWARD kernel option.
The user interface for ipfw is implemented by the ipfw(8) utility, so please refer to the ipfw(8) manpage for a complete description of the
ipfw capabilities and how to use it.
SEE ALSO
setsockopt(2), divert(4), ip(4), ipfw(8), sysctl(8), syslogd(8), pfil(9)
BSD
September 1, 2006 BSD