On Tue, 20 Jan 2004 10:43:04 -0500, Rajsekar Manokaran wrote:
>
> I want to prevent users from binding to any port on my machine,
> specifically, I want to allow bind on localhost but not on the eth0
> interface.
>
> I know that binding to port below 1024 is not allowed by default. How
> do I make it to all the ports?
Really bad idea. UDP connections break badly, so you can't do DNS
lookups, for example. Your best option is to use a firewall,
unfortunately, if your goal is to prevent any application from creating a
LISTENING socket.
The good news is that you don't need a huge number of rules:
iptables -A INPUT -i eth0 -p tcp --syn -m state --state NEW -j REJECT
Now, if you have some services you want to expose to the outside world,
you would have to add rules above this one to enable access to them.
Not a big deal.
EAS
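The ordered ruleset the reply sketches (loopback untouched, established traffic allowed, exposed services above the catch-all REJECT), as an added example that is not part of the original thread. IFACE, ALLOW_TCP_PORTS and the function names are assumed; the script only prints the commands unless APPLY=1 is set.

```sh
#!/bin/sh
# Added example (not from the thread): build the ordered iptables ruleset the
# reply describes. Ports in ALLOW_TCP_PORTS (assumed name) are exposed on the
# interface; they must come ABOVE the catch-all REJECT to still match.
# Only TCP SYNs are rejected, so UDP (e.g. DNS replies) keeps working.

IFACE="${IFACE:-eth0}"

# Print the iptables commands, one per line, in the order they must be applied.
# Usage: build_rules "22 80"   (space-separated TCP ports to expose; may be empty)
build_rules() {
    ports="$1"
    # Loopback is never filtered, so binding to localhost keeps working.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    # Replies to connections this host opened must still get back in.
    echo "iptables -A INPUT -i $IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Exposed services: placed before the catch-all so they are reachable.
    for p in $ports; do
        echo "iptables -A INPUT -i $IFACE -p tcp --dport $p --syn -m state --state NEW -j ACCEPT"
    done
    # The rule from the reply: refuse every other new inbound TCP connection.
    echo "iptables -A INPUT -i $IFACE -p tcp --syn -m state --state NEW -j REJECT"
}

# Number of rules build_rules emits for a given port list (3 + one per port).
rule_count() {
    build_rules "$1" | wc -l | tr -d ' '
}

# Apply the rules (needs root). Without APPLY=1, only print them.
apply_rules() {
    build_rules "$1" | while read -r cmd; do
        if [ "$APPLY" = "1" ]; then
            $cmd
        else
            echo "[dry-run] $cmd"
        fi
    done
}

apply_rules "${ALLOW_TCP_PORTS:-}"
```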