From: Richard Ford (pmfirewall@cubok.com)
Date: Wed May 16 2001 - 13:48:18 PDT
Again,
A subset of my rules...
This is why I believe it is fruitless to add a specific custom port of 1723, as
the rules below allow anything in?
This is a default pmfirewall setup.
Chain input (policy REJECT):
target prot opt source destination ports
ACCEPT all ------ 10.0.0.0/24 0.0.0.0/0 n/a
ACCEPT icmp ------ 0.0.0.0/0 203.*.*.*/29 * -> *
ACCEPT tcp ------ 0.0.0.0/0 203.*.*.*/29 * -> 1023:65535
ACCEPT udp ------ 0.0.0.0/0 203.*.*.*/29 * -> 1023:65535
DENY all ----l- 0.0.0.0/0 0.0.0.0/0 n/a
The last few lines allow anything in above port 1023 and below 65535. Why
is this? I assume this is for return packets? But is that not the job of
the first rule I posted in my last message?
That would explain why the proto 47 made things work. Whatever proto 47 is! :)
Cheers,
Richard.
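For readers of the archive, here is an added example (not code from the post, nor part of pmfirewall itself) that walks the chain Richard listed, rule by rule, for a handful of constructed packets. It shows two things the listing alone does not make obvious: a TCP connection to port 1723 (the PPTP control channel) is already accepted by the "tcp ... 1023:65535" rule, so a separate port 1723 rule changes nothing; and GRE (IP protocol 47, which carries the PPTP tunnel itself) matches none of the ACCEPT rules and falls through to DENY, which is why adding a proto 47 rule was what made PPTP work. The 203.0.113.0/29 block is a placeholder for the masked 203.*.*.*/29 address; the packet addresses are constructed. Because ipchains is stateless (it has no connection tracking; that arrived with iptables/netfilter), the high-port rules admit any unsolicited inbound TCP/UDP to ports 1023 and above, not only replies.

```python
# Added example: a tiny stateless evaluator for the ipchains "input" chain
# quoted in the post. Rules and sample packets are constructed; 203.0.113.0/29
# stands in for the masked 203.*.*.*/29 block.
import ipaddress

LAN = ipaddress.ip_network("10.0.0.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")
PUBLIC = ipaddress.ip_network("203.0.113.0/29")  # placeholder for 203.*.*.*/29

# (target, protocol or "all", source net, destination net, dest-port range or None)
# Port range mirrors "* -> 1023:65535": any source port, dest port in 1023..65535.
INPUT_CHAIN = [
    ("ACCEPT", "all",  LAN, ANY,    None),
    ("ACCEPT", "icmp", ANY, PUBLIC, None),
    ("ACCEPT", "tcp",  ANY, PUBLIC, (1023, 65535)),
    ("ACCEPT", "udp",  ANY, PUBLIC, (1023, 65535)),
    ("DENY",   "all",  ANY, ANY,    None),
]
POLICY = "REJECT"  # chain policy, used only if no rule matches


def evaluate(chain, packet, policy=POLICY):
    """Return (target, rule_index) for the first rule the packet matches.

    rule_index is None when the chain policy decides. Matching is purely
    per-packet, exactly like ipchains: no notion of an established flow.
    """
    src = ipaddress.ip_address(packet["src"])
    dst = ipaddress.ip_address(packet["dst"])
    for idx, (target, proto, snet, dnet, dports) in enumerate(chain):
        if proto != "all" and proto != packet["proto"]:
            continue
        if src not in snet or dst not in dnet:
            continue
        if dports is not None:
            lo, hi = dports
            if not (lo <= packet.get("dport", -1) <= hi):
                continue
        return target, idx
    return policy, None


def with_rule_before_deny(chain, rule):
    """Copy of the chain with `rule` inserted ahead of the final catch-all DENY."""
    return chain[:-1] + [rule] + chain[-1:]


# Constructed sample packets arriving on the external interface.
PKT_LAN = {"proto": "tcp", "src": "10.0.0.5", "dst": "203.0.113.2", "dport": 22}
PKT_PPTP_CTRL = {"proto": "tcp", "src": "198.51.100.7", "dst": "203.0.113.2", "dport": 1723}
PKT_SSH = {"proto": "tcp", "src": "198.51.100.7", "dst": "203.0.113.2", "dport": 22}
PKT_GRE = {"proto": "gre", "src": "198.51.100.7", "dst": "203.0.113.2"}
PKT_PING = {"proto": "icmp", "src": "198.51.100.7", "dst": "203.0.113.2"}

# A rule equivalent to what "adding proto 47" does: accept GRE to the firewall.
GRE_RULE = ("ACCEPT", "gre", ANY, PUBLIC, None)
CHAIN_WITH_GRE = with_rule_before_deny(INPUT_CHAIN, GRE_RULE)


def decide(packet, chain=INPUT_CHAIN):
    return evaluate(chain, packet)


if __name__ == "__main__":
    for name, pkt in [("LAN host", PKT_LAN), ("PPTP 1723/tcp", PKT_PPTP_CTRL),
                      ("SSH 22/tcp", PKT_SSH), ("GRE (proto 47)", PKT_GRE),
                      ("ICMP", PKT_PING)]:
        print(f"{name:16} default chain -> {decide(pkt)}   with GRE rule -> {decide(pkt, CHAIN_WITH_GRE)}")
```

Running it prints that the 1723/tcp packet is accepted by rule index 2 in both chains (so a dedicated 1723 rule is redundant), that GRE is denied by the catch-all in the default chain and accepted only once the GRE rule is present, and that a packet to a low port such as 22 is denied either way. The same evaluator makes the defensive point visible: rule 2 also accepts an unsolicited connection to, say, port 8080 from anywhere, because there is no state to distinguish a reply from a fresh inbound connection.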