<P>
i want to block ssh/telnet of these ip's in server <BR>
<BR>
172.16.1.0/24 so as no one can login in 172.16.2.0/24<BR>
<BR>
but we also have to proxy ip 172.16.1.39 which need to remain alive.<BR>
<BR>
<BR>
kindly help me out!<BR>
<BR>
here's my iptables setting<BR>
<BR>
<BR>
<BR>
<BR>
<BR>
Chain INPUT (policy ACCEPT)<BR>
target prot opt source destination <BR>
all -- 172.16.1.0/24 172.16.2.0/24 <BR>
ACCEPT tcp -- 172.16.2.0/24 anywhere tcp dpt:ftp <BR>
ACCEPT tcp -- 172.16.1.95 anywhere tcp dpt:ftp <BR>
ACCEPT tcp -- email.philnet anywhere tcp dpt:ftp <BR>
ACCEPT tcp -- 172.16.1.176 anywhere tcp dpt:ftp <BR>
DROP tcp -- anywhere anywhere tcp dpt:ftp <BR>
ACCEPT tcp -- 172.16.2.0/24 anywhere tcp dpt:netbios-ssn <BR>
DROP tcp -- anywhere anywhere tcp dpt:netbios-ssn <BR>
ACCEPT tcp -- 172.16.2.0/24 anywhere tcp dpt:telnet <BR>
ACCEPT tcp -- 172.16.1.95 anywhere tcp dpt:telnet <BR>
ACCEPT tcp -- 172.16.1.176 anywhere tcp dpt:telnet <BR>
ACCEPT tcp -- 172.16.1.22 anywhere tcp dpt:telnet <BR>
DROP tcp -- anywhere anywhere tcp dpt:telnet <BR>
ACCEPT tcp -- 172.16.2.0/24 anywhere tcp dpt:ssh <BR>
ACCEPT tcp -- 172.16.1.95 anywhere tcp dpt:ssh <BR>
ACCEPT tcp -- 172.16.1.176 anywhere tcp dpt:ssh <BR>
DROP tcp -- anywhere anywhere tcp dpt:ssh <BR>
<BR>
Chain FORWARD (policy ACCEPT)<BR>
target prot opt source destination <BR>
<BR>
Chain OUTPUT (policy ACCEPT)<BR>
target prot opt source destination <BR>
all -- 172.16.2.0/24 172.16.1.0/24 <BR>
ACCEPT icmp -- anywhere 172.16.2.0/24 <BR>
ACCEPT icmp -- anywhere email.philnet <BR>
ACCEPT icmp -- anywhere 172.16.1.95 <BR>
ACCEPT icmp -- anywhere 172.16.1.176 <BR>
ACCEPT icmp -- anywhere localhost <BR>
DROP icmp -- anywhere anywhere <BR>
<BR>
<BR>
</P>
<br><br>
<A target="_blank" HREF="http://clients.rediff.com/signature/track_sig.asp"><IMG SRC="http://ads.rediff.com/RealMedia/ads/adstream_nx.cgi/www.rediffmail.com/inbox.htm@Bottom" BORDER=0 VSPACE=0 HSPACE=0></a>