> -----Original Message-----
> From: smoothmilk [mailto:smthmlk@xxxxxxxxxxxxxxxxx]
>
> heh, considering that RH includes this tool and it doesn't work out of
> the box, I'd say it should be a concern to the people who could possibly
> fix that, perhaps those people read this list. I mean, when you install
> fedora/redhat, it says do u want a firewall? If you choose yes, (which I
> did) it's not going to do anything--even something very very simple like
> deny all incoming new connections.
>
> The following are what I have with only ftp allowed and eth0 trusted..
> yet somehow, any computer (on the lan or on the internet) can access
> http, ssh, and every other port on my computer.

<SNIP>

I'm going to ask a _very_simple question..

You want to deny everything except the following

> 1. allow incoming connections on ports 11000 (http), 21 (ftp), 22 (ssh),
> and 113 (identd).
> 2. allow outgoing on all ports.
> 3. just 1 ethernet card, eth0.

And you have only 1 Ethernet Card.

So.. Assuming you are using eth0 to connect to I-net (via PPP/PPPoE/DSL
etc..) I suggest you get a real firewall front-end like shorewall.
(www.shorewall.net IIRC)

The problem here is you want to allow only item 1 above, and you put eth0
as trusted. So... this is Never gonna work out..

If eth0's trusted, it means (tm) that _all_ ports on eth0 will _not_ be
blocked.

You either have to uncheck eth0 as trusted or get another ethernet card.

So.. I think the problem is there. Un-Trust Eth0 and try again.

PS : I like your Domain Name.. Can I get Free Email with that Domain? :)
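
Why a trusted eth0 defeats the per-port rules, as an added example that is not part of the original message: a first-match evaluator run over two constructed iptables-save-style rulesets. The rule lines, the assumption that "trusted" amounts to an interface-wide ACCEPT, and the names `parse`, `verdict` and `open_ports` are illustrative and are not output of the Red Hat tool.

```python
# Constructed rulesets (iptables-save style); not output from the Red Hat tool.
# Assumption: marking eth0 "trusted" amounts to an interface-wide ACCEPT rule.
TRUSTED_ETH0 = """\
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 21 -m state --state NEW -j ACCEPT
-A INPUT -j REJECT
"""
# eth0 not trusted: only the four requested ports accept NEW connections.
UNTRUSTED_ETH0 = """\
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 21 -m state --state NEW -j ACCEPT
-A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -p tcp --dport 113 -m state --state NEW -j ACCEPT
-A INPUT -p tcp --dport 11000 -m state --state NEW -j ACCEPT
-A INPUT -j REJECT
"""

def parse(ruleset):
    """Turn each '-A INPUT ...' line into a dict of option -> value."""
    rules = []
    for line in ruleset.splitlines():
        tok = line.split()
        if tok[:2] == ["-A", "INPUT"]:
            rules.append(dict(zip(tok[2::2], tok[3::2])))
    return rules

def verdict(rules, pkt, policy="ACCEPT"):
    """First matching rule decides; later rules are never consulted."""
    for r in rules:
        if "-i" in r and r["-i"] != pkt["iface"]:
            continue
        if "-p" in r and r["-p"] != pkt["proto"]:
            continue
        if "--dport" in r and int(r["--dport"]) != pkt["dport"]:
            continue
        if "--state" in r and pkt["state"] not in r["--state"].split(","):
            continue
        return r["-j"]
    return policy  # chain policy applies only if no rule matched

def open_ports(ruleset, ports, iface="eth0"):
    """Ports on which a NEW inbound TCP connection would be accepted."""
    rules = parse(ruleset)
    return [p for p in ports if verdict(
        rules, {"iface": iface, "proto": "tcp", "dport": p, "state": "NEW"}) == "ACCEPT"]
```

With eth0 trusted, every probed port comes back open because the interface rule matches before any port rule is reached; with it removed, only 21, 22, 113 and 11000 accept new connections while reply traffic still passes through the ESTABLISHED,RELATED rule.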