[KLUG Members] IPChains problem

members@kalamazoolinux.org
Mon, 10 Jun 2002 10:32:12 -0400


>> And since the packets I'm concerned about are coming from the machine
>> we're talking about, it follows that the output chain is at least a
>> legitimate place to place a rule, right?
>
>No, not necessarily, because any packets from the outside first go
>through the input chain.....
Once again, we seem to be losing the context of this problem, which is 
specific in nature, not a general or philosophical issue.

The Problem:
1. Restrict access from outside to the services we support.
2. Prevent any packets that are produced on the server other than 
   those involved in the above services from leaving, and log them.

>>>>>-A input -s 0/0 -d 0/0 80 -p tcp -y -j ACCEPT
>>>This rule will allow your machine to contact any machine on port 80
>>>from any source port and any machine to connect to your machine on
>>>port 80 from any source port. 
>>Seems to be a prerequisite for running a web server.
>not exactly .... you do not want conversations to your web server
>coming in from something lower than port 1024. That would be
>abnormal and indicative of an attack....
So a connection on port 80 is an attack?

I have the same comments for the other proposals, as well. Servers listen on 
ports, like 20, 53, etc.... and the commands you propose appear to block them. 
I guess I simply do not understand this at all....
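As an added example (not code from the original post or from anyone in this thread), here is an ipchains script that implements the two requirements listed under "The Problem" as literally as ipchains allows. It assumes HTTP (tcp/80) and DNS (tcp+udp/53) are the supported services, and wraps the binary in an IPCHAINS variable so the rule set can be dry-run with IPCHAINS=echo on a box that has no ipchains at all; both the service list and that variable are assumptions for illustration. The key point it shows is what -y actually does: it matches only a TCP packet with SYN set and ACK/FIN clear, the packet that opens a connection, so "-y -j ACCEPT" on the input chain admits connection attempts to a port, while "! -y" on the output chain admits replies from that port without letting the server open connections of its own.

```shell
#!/bin/sh
# Added example: ipchains rule set for "restrict inbound to supported
# services; log and drop every other packet the server itself produces".
# IPCHAINS is an assumption for this example: set IPCHAINS=echo to dry-run.
IPCHAINS="${IPCHAINS:-ipchains}"

apply_rules() {
    # Start closed on every chain so nothing slips through while rules load.
    $IPCHAINS -F
    $IPCHAINS -P input DENY
    $IPCHAINS -P output DENY
    $IPCHAINS -P forward DENY

    # Loopback traffic never leaves the machine; pass it unlogged.
    $IPCHAINS -A input -i lo -j ACCEPT
    $IPCHAINS -A output -i lo -j ACCEPT

    # 1. Inbound: only the supported services may be opened from outside.
    #    -y matches SYN-only TCP packets, i.e. connection attempts, so this
    #    is the rule that decides which ports the outside can reach.
    $IPCHAINS -A input -p tcp -s 0/0 -d 0/0 80 -y -j ACCEPT
    $IPCHAINS -A input -p tcp -s 0/0 -d 0/0 53 -y -j ACCEPT
    $IPCHAINS -A input -p udp -s 0/0 -d 0/0 53 -j ACCEPT
    # ipchains keeps no connection state, so packets of an already-opened
    # TCP connection (anything that is not a bare SYN) must be admitted
    # by a separate rule. This is also why an ACK scan is not stopped here.
    $IPCHAINS -A input -p tcp -s 0/0 -d 0/0 ! -y -j ACCEPT
    # Anything else arriving is logged (-l) and dropped.
    $IPCHAINS -A input -j DENY -l

    # 2. Outbound: only replies sent from the served ports may leave.
    #    A reply never carries a bare SYN, so "! -y" lets replies out while
    #    still blocking the server from initiating connections from port 80/53.
    $IPCHAINS -A output -p tcp -s 0/0 80 -d 0/0 ! -y -j ACCEPT
    $IPCHAINS -A output -p tcp -s 0/0 53 -d 0/0 ! -y -j ACCEPT
    $IPCHAINS -A output -p udp -s 0/0 53 -d 0/0 -j ACCEPT
    # Every other packet the server produces is logged and dropped.
    $IPCHAINS -A output -j DENY -l
}

# Run as "sh rules.sh apply" (or "IPCHAINS=echo sh rules.sh apply" to see
# the commands without touching the kernel). Sourcing the file without the
# argument only defines apply_rules.
case "${1-}" in
    apply) apply_rules ;;
esac
```

Two caveats follow directly from the policy as stated: with the output chain closed this way the server cannot make DNS lookups of its own, so a recursive nameserver would need an extra output rule for the queries it sends from high ports; and the debated "-s 0/0 1024:65535" restriction on client source ports is deliberately not included, since the requirements above say nothing about source ports and ipchains cannot tell a legitimate low-port client from a hostile one either way.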