[Dshield] Configuring iptables; need favorite port lists

Kenton Smith ksmith at chartwelltechnology.com
Thu Jun 19 17:36:09 GMT 2003


Forgive me if this misses your point (again, sorry), but what about using
Ed's deny-all for your rules and logging everything that isn't explicitly
allowed? You could then just grep (or similar) the logs for the
interesting ports. This would allow you to pull information for the
interesting ports today, and if there was a new interesting port
tomorrow, you would still have all the information at your disposal for
historical reference as well. This would then also prevent any errors
inadvertently made while changing your IPTables on a regular basis.
Of course you need lots of disk space, but that's cheap...

Just a thought,

Kenton


On Thu, 2003-06-19 at 07:34, John Sage wrote:
> On Thu, Jun 19, 2003 at 06:41:15AM -0500, Ed Truitt wrote:
> > I don't have a specific list, but I would look for the following:
> 
> <snip>
> 
> > BTW, I have all my IPTABLES built with one port/entry, that way I can
> > adjust it easily enough.  YMMV.
> > 
> > Hope this helps.
> 
> So you have one line/statement per port?
> 
> This is a good idea.
> 
> It may be that I should try that approach...
> 
> ...at the moment I'm still hacking through iptables for two goals:
> 
> 1) learn how it works
> 
> 2) get it to do what I want...
> 
> 
> Thanks..
> 
> 
> - John
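An added example, not from this thread: a shell sketch of the approach Kenton describes, a default-deny INPUT chain that logs whatever it drops, plus a grep over constructed sample kernel LOG lines to pull out hits on chosen ports. The ruleset is printed rather than applied so it runs anywhere; the allowed port 22 and the `DENY:` prefix are assumptions.

```shell
#!/bin/sh
# Added example: default-deny ruleset that logs every dropped packet,
# and a log filter so "interesting" ports can be pulled out after the fact.
# Assumes the kernel LOG target's "DPT=" field format; port 22 is a
# placeholder for whatever you explicitly allow.

# Print the rules instead of applying them; pipe through sh to apply.
default_deny_rules() {
    cat <<'EOF'
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -j LOG --log-prefix "DENY: " --log-level 4
iptables -A INPUT -j DROP
EOF
}

# Constructed sample log lines in the kernel LOG target format.
SAMPLE_LOG='Jun 19 10:01:02 fw kernel: DENY: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=48 TTL=110 ID=1234 DF PROTO=TCP SPT=3212 DPT=135 WINDOW=16384 SYN URGP=0
Jun 19 10:01:05 fw kernel: DENY: IN=eth0 OUT= SRC=192.0.2.11 DST=198.51.100.5 LEN=48 TTL=110 ID=1235 DF PROTO=TCP SPT=3213 DPT=445 WINDOW=16384 SYN URGP=0
Jun 19 10:01:09 fw kernel: DENY: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=78 TTL=110 ID=1236 PROTO=UDP SPT=1026 DPT=137 LEN=58
Jun 19 10:01:12 fw kernel: DENY: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=48 TTL=50 ID=1237 DF PROTO=TCP SPT=40001 DPT=135 WINDOW=5840 SYN URGP=0'

# hits_for_ports PORT... : count DENY lines (read from stdin) whose
# destination port is one of the given ports. "( |$)" keeps 135 from
# matching 1350.
hits_for_ports() {
    pat=''
    for p in "$@"; do
        pat="${pat}${pat:+|}$p"
    done
    grep 'DENY:' | grep -E "DPT=($pat)( |$)" | wc -l | tr -d ' '
}

# top_ports: rank destination ports by hit count, most-hit first,
# printed as PORT:COUNT, so a newly "interesting" port shows up.
top_ports() {
    grep 'DENY:' | sed -n 's/.*DPT=\([0-9]*\).*/\1/p' \
        | sort | uniq -c | sort -rn | awk '{print $2 ":" $1}'
}
```

Run it against a real log with `hits_for_ports 135 445 < /var/log/messages` or `top_ports < /var/log/messages`.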



