ibk ibk at cyberverse.com
Fri Feb 25 22:14:14 GMT 2005

I am using firehol 1.214-4 (Debian/Sarge, with packaged kernel
2.4.27-2-k7 for basic services on a self-managed server at an ISP).

The system is for basic mail, web and some off site storage. 



blacklist full ""

interface eth0 internet
 protection strong
 server "icmp imap imaps ntp sbadm smtps ssh smtp dns http https pop3 althttp rsync webmin" accept

 client all accept


client_sbadm_ports="default 225"

(the last here is an extra ssh service for emergent admin access)

We continually get hit by hundreds of "requests" of the sort
"sshd[21029]: Illegal user admin from
sshd[21029]: Failed password for illegal user admin from
port 48594 ssh2"

from a variety of sources. 

Should we, and if so, could we easily block these higher unused ports?

We have been looking at ways to ease the firewall scripts etc., and so
far, after trying all the others in Sarge, firehol wins hands down - it is
really amazing.

Thanks for any advice or observations. 

Also, is there any book that we can buy/read that covers firehol and how
it works etc. with iptables - so as to get more understanding?
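
Added example, not part of the original post: a small parser for sshd lines of the form quoted above, grouping failed logins by source address. In lines of this form the number after "port" is the connecting client's own source port, which changes per connection; the connection itself arrives on the port sshd listens on. The sample log, its addresses (RFC 5737 documentation ranges), the user names and the threshold are all constructed for illustration.

```python
import re
from collections import defaultdict

# Matches the "Failed password" line quoted in the post; "illegal user"
# appears only when the account does not exist on the server.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:illegal user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port (?P<sport>\d+) ssh2"
)

# Constructed sample input, not taken from the poster's logs.
SAMPLE_LOG = """\
Feb 25 21:03:11 host sshd[21029]: Illegal user admin from 192.0.2.10
Feb 25 21:03:11 host sshd[21029]: Failed password for illegal user admin from 192.0.2.10 port 48594 ssh2
Feb 25 21:03:14 host sshd[21031]: Illegal user test from 192.0.2.10
Feb 25 21:03:14 host sshd[21031]: Failed password for illegal user test from 192.0.2.10 port 48611 ssh2
Feb 25 21:03:17 host sshd[21033]: Failed password for root from 192.0.2.10 port 48630 ssh2
Feb 25 21:09:40 host sshd[21090]: Failed password for illegal user guest from 198.51.100.7 port 35022 ssh2
Feb 25 21:15:02 host sshd[21120]: Accepted password for alice from 203.0.113.5 port 51512 ssh2
"""

def summarize(lines):
    """Group failed logins by source address."""
    stats = defaultdict(lambda: {"failures": 0, "users": set(), "source_ports": set()})
    for line in lines:
        m = FAILED.search(line)
        if not m:
            continue  # "Illegal user" notices and successful logins are skipped
        entry = stats[m["ip"]]
        entry["failures"] += 1
        entry["users"].add(m["user"])
        # Ephemeral port chosen by the remote client, not a port open on the server.
        entry["source_ports"].add(int(m["sport"]))
    return dict(stats)

def repeat_offenders(stats, threshold=3):
    """Source addresses with at least `threshold` failed logins (assumed cut-off)."""
    return sorted(ip for ip, e in stats.items() if e["failures"] >= threshold)

if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG.splitlines())
    for ip, e in sorted(stats.items()):
        print(ip, e["failures"], sorted(e["users"]), sorted(e["source_ports"]))
    print("repeat sources:", repeat_offenders(stats))
```

The addresses it reports are the kind of value that would go between the quotes of the `blacklist full ""` line in the configuration above.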



