It looks like a stateless packet filter, which is not very useful.
If it was aware of connection states you could deny all incoming connections and be pretty safe.
Now you have to allow incoming packets to all ports except the server ports.
The best way to set this up would be to block all outgoing packets except to http and ftp. That way the return packets of an attack will be blocked and you still have only a few rules.
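
The trade-off described in the comment above, as an added example that is not part of the original post: a toy Python model of a stateless filter using the suggested rules, beside a connection-tracking filter. The addresses, port numbers and the `LOCAL_SERVER_PORTS` set are constructed assumptions, not taken from the product under discussion.

```python
# Toy model of the two filter designs discussed in the comment above.
# All addresses, ports and rule sets are constructed for illustration.
from collections import namedtuple

Packet = namedtuple("Packet", "direction src_ip src_port dst_ip dst_port")

HOST = "192.0.2.10"              # protected machine (documentation address)
ALLOWED_OUT_PORTS = {80, 21}     # http and ftp, as the comment suggests
LOCAL_SERVER_PORTS = {139, 445}  # assumed local services to shield

def stateless_allow(pkt):
    """Each packet is judged alone; no memory of earlier packets."""
    if pkt.direction == "out":
        return pkt.dst_port in ALLOWED_OUT_PORTS
    # Inbound: replies arrive on arbitrary ephemeral ports, so everything
    # except the local server ports has to be let through.
    return pkt.dst_port not in LOCAL_SERVER_PORTS

class StatefulFilter:
    """Remembers outbound flows and admits only their return traffic."""

    def __init__(self):
        self.flows = set()

    def allow(self, pkt):
        if pkt.direction == "out":
            if pkt.dst_port not in ALLOWED_OUT_PORTS:
                return False
            self.flows.add((pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return True
        # Inbound must mirror a recorded outbound flow.
        return (pkt.dst_port, pkt.src_ip, pkt.src_port) in self.flows

# Constructed sample traffic
request = Packet("out", HOST, 50000, "198.51.100.5", 80)
reply = Packet("in", "198.51.100.5", 80, HOST, 50000)
unsolicited = Packet("in", "203.0.113.9", 40000, HOST, 6000)
answer = Packet("out", HOST, 6000, "203.0.113.9", 40000)

def compare():
    """Return (stateless, stateful) verdicts for each sample packet."""
    sf = StatefulFilter()
    return [(stateless_allow(p), sf.allow(p))
            for p in (request, reply, unsolicited, answer)]

if __name__ == "__main__":
    print(compare())
```

The stateless rules admit the unsolicited inbound packet and only stop the exchange at the outbound answer; the stateful filter rejects the unsolicited packet on arrival.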