Hey: Why not exist the pkg for new kernels (2.4.*)? The firewall in 2.4.* series (Netfilter) is *really* better than ipchains, ipchains is one module of iptables, iptables/Netfilter include stateful cheking of packets.
Other advantages in the 2.4.* series include journaling filesystems... Regards, -Adriano -- Adriano Manuel Galano Diez SATEC, S.A. System & Network Engineer Phone : (+34) 912 110 383 http://www.satec.es PCell : (+34) 676 957 685 Office: (+34) 917 089 000 ----- Original Message ----- From: "Andy Brown" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, November 23, 2001 6:12 PM Subject: [cobalt-developers] Raq4 ipchains/firewall very strange problem > Hi All, > > This problem is really starting to bug me, so thought I'd post and see > if anybody can come up with something. I'm running a Raq4i, using it as > a proxy so I've installed Squid and a couple of other things. Installed > the ipchains RPM, and setup my ipchains rules to block stuff we don't > want, however its not working! > > Ipchains is supposed to be blocking port 110 among others, and I can > happily telnet in to that port, even while the ipchains rule is in > place! (I know I can turn it off in inetd.conf but I want to test my > ipchains rules this way first) > > Does anyone know if I need to do something different for the Cobalt > products, I installed ipchains from: rpm -Uvh > ftp://ftp.rpmfind.net/linux/redhat/6.2/en/os/i386/RedHat/RPMS/ipchains-1 > .3.9-5.i386.rpm > > Which went in no problems. I've had ipchains running on countless other > machines (Both Cobalt and Slakware/Suse/RedHat) so don't see where the > problem is! > > I've added my ipchains script below just in case! > > Thank u! > > Andy > [EMAIL PROTECTED] > http://ineedlinux.info/ > > > ( Below is a simplified set of my rules ) > > > > :input ACCEPT > :forward DENY > :output ACCEPT > -A input -s 0.0.0.0/0.0.0.0 -d 193.195.161.17/255.255.255.255 110 -p tcp > -j DENY -l > > -A forward -s 10.0.0.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -i eth1 -j MASQ > > -A output -s 0.0.0.0/0.0.0.0 110:110 -d 0.0.0.0/0.0.0.0 -i eth1 -p tcp > -j DENY > > > (PS: Not my real IP addresses shown above) > > _______________________________________________ > cobalt-developers mailing list > [EMAIL PROTECTED] > http://list.cobalt.com/mailman/listinfo/cobalt-developers _______________________________________________ cobalt-developers mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-developers
