johndmiller <john at mn.mediaone.net> wrote:
> 
> Second question:
> I am getting messages like :
> portmap[9271] connect from 202.105.205.141 to dump(): request from
> unauthorized host

First off, you shouldn't be running portmap unless you're in a network
that uses NIS or are mounting NFS shares.

Most people don't need to be running much at all in the way of network
services.  SSH, lpd, and sendmail are more than enough.  Include identd if
you use IRC.  Sendmail on modern RedHat distributions only listens to
127.0.0.1 by default.  LPD needs to be trained.  I think it's also
worthwhile to drop connection requests to port 6000, the default X Windows
port, since I usually tunnel my X applications over SSH, and am therefore
usually using Unix domain sockets.

With iptables, you can do something like this to block others from
connecting to open ports on your system:

  iptables -A INPUT -i eth0 -p tcp --dport printer -j REJECT \
    --reject-with tcp-reset

Replace `eth0' with appropriate device names (not `lo') and `printer' with
appropriate port names or numbers.  The `--reject-with tcp-reset' will
prevent those ports from showing up as `filtered' with nmap.

You can drop X connections and/or set up X Windows to not listen to TCP
connections.  Wherever your X session starts up, add the parameter
`-nolisten tcp'.

-- 
[ Mike Hicks | http://umn.edu/~hick0088/ | mailto:hick0088 at tc.umn.edu ]
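The approach in the reply above, as an added example that is not part of the original post: find which TCP ports are reachable from other hosts and emit one REJECT-with-RST rule per port. It assumes the listener table is in `ss -Hltn` column order and, with IPTABLES left at its default of echo, prints the rules instead of applying them.

```shell
#!/bin/sh
# Added example, not code from the original post. Lists the TCP ports a
# host exposes to other machines and emits one iptables rule per port in
# the form the reply gives (REJECT with a TCP RST, so nmap reports the
# port as "closed" rather than "filtered").
# Assumptions: listener table in `ss -Hltn` column order
# (State Recv-Q Send-Q Local:Port Peer:Port); IPTABLES=echo means dry run.

IPTABLES="${IPTABLES:-echo}"

# Constructed sample of a listener table: sshd on all addresses,
# sendmail bound to loopback only, then lpd (515), portmap (111)
# and an X server (6000) reachable from any host.
SAMPLE_LISTENERS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 100 127.0.0.1:25 0.0.0.0:*
LISTEN 0 128 0.0.0.0:515 0.0.0.0:*
LISTEN 0 128 0.0.0.0:111 0.0.0.0:*
LISTEN 0 128 0.0.0.0:6000 0.0.0.0:*'

# exposed_tcp_ports: read a listener table on stdin, print the ports
# bound to something other than a loopback address, one per line.
exposed_tcp_ports() {
    awk '$1 == "LISTEN" {
        host = $4; sub(/:[0-9]+$/, "", host)
        port = $4; sub(/.*:/, "", port)
        if (host != "127.0.0.1" && host != "[::1]") print port
    }'
}

# reject_tcp_ports IFACE PORT...: one REJECT rule per port. Ports may be
# /etc/services names (printer, sunrpc) or numbers (6000). Refuses to
# touch lo, as the reply warns, since that would cut local clients off.
reject_tcp_ports() {
    iface="$1"; shift
    if [ "$iface" = lo ]; then
        echo "reject_tcp_ports: refusing to filter lo" >&2
        return 1
    fi
    for port in "$@"; do
        $IPTABLES -A INPUT -i "$iface" -p tcp --dport "$port" \
            -j REJECT --reject-with tcp-reset
    done
}

# Dry run on the sample: keep ssh (22) reachable, reject everything else.
# Replace the sample with `ss -Hltn` and set IPTABLES=iptables to apply.
reject_tcp_ports eth0 $(printf '%s\n' "$SAMPLE_LISTENERS" \
    | exposed_tcp_ports | grep -vx 22)
```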