iptables
ajay chaudhary
ajay197947 at rediffmail.com
Fri Apr 8 04:05:11 UTC 2005
I want to block ssh/telnet of these IPs in server
172.16.1.0/24 so that no one can log in to 172.16.2.0/24,
but we also have to proxy IP 172.16.1.39, which needs to remain alive.
Kindly help me out!
Here's my iptables setting:
Chain INPUT (policy ACCEPT)
target prot opt source destination
all -- 172.16.1.0/24 172.16.2.0/24
ACCEPT tcp -- 172.16.2.0/24 anywhere tcp dpt:ftp
ACCEPT tcp -- 172.16.1.95 anywhere tcp dpt:ftp
ACCEPT tcp -- email.philnet anywhere tcp dpt:ftp
ACCEPT tcp -- 172.16.1.176 anywhere tcp dpt:ftp
DROP tcp -- anywhere anywhere tcp dpt:ftp
ACCEPT tcp -- 172.16.2.0/24 anywhere tcp dpt:netbios-ssn
DROP tcp -- anywhere anywhere tcp dpt:netbios-ssn
ACCEPT tcp -- 172.16.2.0/24 anywhere tcp dpt:telnet
ACCEPT tcp -- 172.16.1.95 anywhere tcp dpt:telnet
ACCEPT tcp -- 172.16.1.176 anywhere tcp dpt:telnet
ACCEPT tcp -- 172.16.1.22 anywhere tcp dpt:telnet
DROP tcp -- anywhere anywhere tcp dpt:telnet
ACCEPT tcp -- 172.16.2.0/24 anywhere tcp dpt:ssh
ACCEPT tcp -- 172.16.1.95 anywhere tcp dpt:ssh
ACCEPT tcp -- 172.16.1.176 anywhere tcp dpt:ssh
DROP tcp -- anywhere anywhere tcp dpt:ssh
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
all -- 172.16.2.0/24 172.16.1.0/24
ACCEPT icmp -- anywhere 172.16.2.0/24
ACCEPT icmp -- anywhere email.philnet
ACCEPT icmp -- anywhere 172.16.1.95
ACCEPT icmp -- anywhere 172.16.1.176
ACCEPT icmp -- anywhere localhost
DROP icmp -- anywhere anywhere