[Firewall] Blocked Hosts

Jeffrey Fogel jabetcha at yahoo.com
Tue Oct 24 12:05:22 MDT 2006


I would like to know how best to handle this situation.

I have the following ports opened to the world:

OPEN_TCP="21 22 25 80 443"

And I also have an extensive list of blocked-hosts that I update automatically via a script.

The problem is that even though an IP is in the blocked-hosts file, it is not dropped (specifically, on TCP port 21/FTP).

The server only has 1 NIC, and that machine lives behind a Linksys router and is listed as the DMZ host in the router.

All traffic on the internal network occurs via its private IP. Everything is configured to use the EXT_IF. I want to ensure that all internal traffic is allowed (I'm currently using FULL_ACCESS_HOSTS), and all external traffic is properly restricted. 

I'm not doing NAT or forwarding. There is no dedicated LAN or DMZ interface.

Everything is working fine now, except for the blocked hosts.  What changes do I need?

-- Jeffrey
 		

