
#-----------------------------------------------------------------------
# README
#-----------------------------------------------------------------------
#
# These rules were developed based on <http://xforce.iss.net/alerts/
# advise8.php>.
#
# NetBus allows the remote user to do most of the functions BO can do, 
# as well as open/close the CD-ROM drive, send interactive dialogs to 
# chat with the compromised system, listen to the system's microphone 
# (if it has one), and a few other features.
#
# To install, copy this file to /etc/firewall/modules/public/
# block-remote-ports/netbus. There's no need to execute rc.firewall 
# with the --update-config parameter.
# 
#-----------------------------------------------------------------------
# CHANGES
#-----------------------------------------------------------------------
#
# 2001-02-05  Edwin ten Brink <edwin@privateer.student.utwente.nl>
#             Updated documentation to reflect path changes in v5.1
# 2000-10-16  Jean-Sebastien Morisset <jsmoriss@jsm-mv.dyndns.org>
#             Initial module written for v5.0.
#
#-----------------------------------------------------------------------
# START OF MODULE CODE
#-----------------------------------------------------------------------

echo "Reject $INTOPT $IPADDR -> $ANY NetBus (logged)"
ipchains -A $OUTCHAIN -j REJECT -p tcp -y -s $IPADDR $UNPRIVPORTS -d $ANY 12345:12346 -l

