Why wouldn't I do this with iptables

Approved: IGuessNot

You should block in INPUT all the ports except the ones you want to provide a service for (80 - http, 25 - mail and so on), then you have to think about which ports are needed by those services to function. When someone connects to your http server on port 80, the server will enable the 'related-established' flag to signal that such a connection is okeydokey (run tcpdump or iptraf on a machine and see it for yourself). So if you don't let those connections through you won't provide any service at all.

Then you need to think which port you need to open in OUTPUT from the machine itself. If you want to send mail you need to open port 25 and something in return (see before, the same discussion goes for mail too). Does the machine need to access ftp sites? For updates for example? Do you want host-domain names in your log file? Then you need to access a DNS. And so on...

All this stuff is explained in the firewall and networking howtos.

Davide

--
Market share leadership is a tenuous thing, Mr. Gates: ask IBM ;-)
    -- Laurent Szyster
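
A default-deny ruleset along the lines the post describes, as an added example that is not part of the original post: the shell function prints rules in iptables-restore format and never touches the live firewall. The function names, the port lists and the use of the conntrack match are assumptions of this example.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset; it never changes the live firewall.

# True when $1 is a decimal port number in 1..65535.
valid_port() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_rules "<tcp ports served>" "<tcp ports the host may connect out to>"
gen_rules() {
    # Validate everything first so a bad entry never yields a partial ruleset.
    for p in $1 $2; do
        valid_port "$p" || { echo "bad port: $p" >&2; return 1; }
    done
    # Default-deny in every chain: only what is accepted below gets through.
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT DROP [0:0]'
    # Loopback stays open for local processes.
    printf '%s\n' '-A INPUT -i lo -j ACCEPT' '-A OUTPUT -o lo -j ACCEPT'
    # Packets of connections that were already accepted, in both directions.
    # (FTP data channels count as RELATED only when the conntrack FTP helper is in use.)
    for chain in INPUT OUTPUT; do
        echo "-A $chain -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    done
    # New connections to the services this machine offers.
    for p in $1; do
        echo "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    # New connections the machine itself starts.
    for p in $2; do
        echo "-A OUTPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    # DNS lookups, e.g. for host names in log files.
    for proto in udp tcp; do
        echo "-A OUTPUT -p $proto --dport 53 -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo COMMIT
}

# Assumed port lists: serve http and mail; send mail, fetch updates over ftp/http.
# Check the output before loading it, e.g. by piping it to: iptables-restore --test
gen_rules "80 25" "25 21 80"
```

Because the ESTABLISHED,RELATED rules come before the per-port rules, only the first packet of each connection has to match a port rule; everything else not listed falls through to the DROP policy.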