IPCHAINS
Duncan
drack at mweb.co.zw
Mon Jul 19 07:00:18 UTC 2004
Still this simple firewall is not allowing traffic from me ISP and the
CLIENT, but traffic on the LAN is flowing. All I want to do is allow
traffic from me to the client. The client has squid so there is no need for
masquerading. How do I do that with this firewall?
# Setting default to deny all
/sbin/ipchains -P input DENY
/sbin/ipchains -P output DENY
/sbin/ipchains -P forward DENY
#allowing localhost
/sbin/ipchains -A input -j ACCEPT -p all -s localhost -d localhost -i lo
/sbin/ipchains -A output -j ACCEPT -p all -s localhost -d localhost -i lo
#Deny packets from internet claiming to be from localhost and log
/sbin/ipchains -A input -j REJECT -p all -s localhost -i ppp0 -l
#Deny packets that mimic internal IPs and log
/sbin/ipchains -A input -j REJECT -p all -s clientLAN/24 -i ppp0 -l
#Allow packets from ISP
/sbin/ipchains -A input -j ACCEPT -p all -s ISPrange/24 -d clientLAN/24 -i ppp0
#Allow packets from LAN
/sbin/ipchains -A output -j ACCEPT -p all -s client/24 -d ISPrange/24 -i ppp0
#Allow outgoing packets thru internal interface
/sbin/ipchains -A input -j ACCEPT -p all -s clientLAN/24 -i eth0
/sbin/ipchains -A output -j ACCEPT -p all -s clientLAN/24 -i eth0
----- Original Message -----
From: "Joe Szilagyi" <js at axxs.net>
To: <drack at mweb.co.zw>
Sent: Saturday, July 17, 2004 2:38 AM
Subject: Re: IPCHAINS
> What was the solution out of curiosity?
>
> Regards,
> Joe
>
>
>
>
> ----- Original Message -----
> From: "Duncan" <drack at mweb.co.zw>
> To: "General Red Hat Linux discussion list" <redhat-list at redhat.com>
> Sent: Friday, July 16, 2004 6:42 AM
> Subject: Re: IPCHAINS
>
>
> YOU MAY TRASH THE QUESTION , I HAVE SORTED IT OUT
> THANKS
>
> ----- Original Message -----
> From: "Duncan" <drack at mweb.co.zw>
> To: "General Red Hat Linux discussion list" <redhat-list at redhat.com>
> Sent: Friday, July 16, 2004 9:10 AM
> Subject: IPCHAINS
>
>
> would the following ipchains stop tcp connections from anyone else other
> than iprange , the ips in LAN 195.167.2.0/24
>
> /sbin/ipchains -F
> /sbin/ipchains -P input -p tcp DENY
> /sbin/ipchains -A input -p tcp -s iprange/24 -d 195.167.2.0/24 -j ACCEPT
> /sbin/ipchains -A input -p udp -s iprange/24 -d 195.167.2.0/24 -j ACCEPT
> /sbin/ipchains -A input -p icmp -s iprange/24 -d 195.167.2.0/24 -j ACCEPT
>
> Please advise
>
> ----------------------------------------------------------------------------
> Duncan Rack
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=subscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
>
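Added example, not part of the original thread: a small Python model of how a 2.2-kernel ipchains box evaluates a routed packet (input chain, then forward, then output), run over the rules in the post above. It assumes the box routes between ppp0 (ISP side) and eth0 (client LAN), reads `client/24` as the client LAN, and uses constructed documentation ranges for the ISPrange and clientLAN placeholders; the EXTRA rules are hypothetical.

```python
from ipaddress import ip_address, ip_network

# Constructed stand-ins for the post's ISPrange/24 and clientLAN/24 placeholders.
ISP, LAN = ip_network("198.51.100.0/24"), ip_network("192.0.2.0/24")
LO, ANY = ip_network("127.0.0.0/8"), ip_network("0.0.0.0/0")

# (chain, target, source, destination, interface), in the order the post appends them.
POSTED = [
    ("input", "ACCEPT", LO, LO, "lo"),
    ("output", "ACCEPT", LO, LO, "lo"),
    ("input", "REJECT", LO, ANY, "ppp0"),
    ("input", "REJECT", LAN, ANY, "ppp0"),
    ("input", "ACCEPT", ISP, LAN, "ppp0"),
    ("output", "ACCEPT", LAN, ISP, "ppp0"),
    ("input", "ACCEPT", LAN, ANY, "eth0"),
    ("output", "ACCEPT", LAN, ANY, "eth0"),
]
# Hypothetical additions (not from the post): pass routed ISP<->LAN traffic.
EXTRA = [
    ("forward", "ACCEPT", ISP, LAN, "eth0"),
    ("forward", "ACCEPT", LAN, ISP, "ppp0"),
    ("output", "ACCEPT", ISP, LAN, "eth0"),
]

def verdict(rules, src, dst, in_if, out_if):
    """Return (chain, target) deciding a routed packet; every policy is DENY."""
    src, dst = ip_address(src), ip_address(dst)
    # -i matches the receiving interface on input and the sending interface
    # on forward and output.
    for chain, iface in (("input", in_if), ("forward", out_if), ("output", out_if)):
        target = "DENY"  # chain policy applies when no rule matches
        for r_chain, r_target, r_src, r_dst, r_if in rules:
            if r_chain == chain and src in r_src and dst in r_dst and r_if == iface:
                target = r_target  # first matching rule wins
                break
        if target != "ACCEPT":
            return chain, target
    return "output", "ACCEPT"

if __name__ == "__main__":
    pkt = ("198.51.100.10", "192.0.2.20", "ppp0", "eth0")  # ISP host -> LAN host
    for name, rules in (("posted", POSTED), ("posted + forward only", POSTED + EXTRA[:2]),
                        ("posted + all extra", POSTED + EXTRA)):
        print(f"{name:24} -> {verdict(rules, *pkt)}")
```

With the posted rules the ISP-to-LAN packet passes input and is stopped by the forward chain's DENY policy; adding forward rules alone moves the drop to the output chain, because no posted output rule matches an ISP source leaving eth0.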