On Fri, Mar 17, 2000 at 03:38:23PM +0100, Mikael Schmidt wrote:
> At 03:47 PM 3/16/00, you wrote:
> >Assuming that eth0 is your internal interface, and eth1 is your public
> >interface, then to deny your internal packets from leaving your site,
> >place the following near the top of your ruleset, after you flush your
> >rules, set your default policies and do your spoofing checks:
> >
> >ipchains -A output -i eth1 -s 192.168.0.0/16 -d 0/0 -j DENY -l
>
> Seems that this wouldn't do the trick for me... it is still leaking out and
> causing a conflict for my ISP. Any other good ideas?

First of all, this has to be at the top of your output ruleset, and it should
deny every wrong packet:

... all your normal ipchains rules
ipchains -I output -i eth1 -s ! 1.2.3.4 -d 0/0 -j DENY -o

This will deny all packets which are not coming from your official IP
address 1.2.3.4.

Greetings
Bernd
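
Added example, not part of either poster's message: a small Python model of first-match chain evaluation, showing why the rule's position in the output chain matters and what the `!` source negation covers compared with the 192.168.0.0/16 match. The accept-all rule in `existing` is an assumption, since the thread does not show the actual ruleset; all function names are hypothetical.

```python
from ipaddress import ip_address, ip_network

# Constructed model of an ipchains output chain: rules are checked top to
# bottom and the first rule that matches decides what happens to the packet.
def rule(iface, src, target, negate=False):
    return {"iface": iface, "src": ip_network(src),
            "negate": negate, "target": target}

def matches(r, iface, src):
    if r["iface"] not in (None, iface):   # None stands for "any interface"
        return False
    in_net = ip_address(src) in r["src"]
    return in_net != r["negate"]          # "-s ! addr" inverts the source test

def verdict(chain, iface, src, policy="ACCEPT"):
    for r in chain:
        if matches(r, iface, src):
            return r["target"]
    return policy                         # nothing matched: chain policy applies

def append(chain, r):                     # ipchains -A: add at the end
    return chain + [r]

def insert(chain, r):                     # ipchains -I: add at the top
    return [r] + chain

# Assumed existing ruleset: a broad ACCEPT that sits ahead of any appended rule.
existing = [rule(None, "0.0.0.0/0", "ACCEPT")]
deny_private = rule("eth1", "192.168.0.0/16", "DENY")
deny_not_public = rule("eth1", "1.2.3.4/32", "DENY", negate=True)

appended = append(existing, deny_private)     # first suggestion, added with -A
inserted = insert(existing, deny_not_public)  # second suggestion, added with -I

if __name__ == "__main__":
    # Constructed sample source addresses leaving via eth1.
    for name, chain in (("appended", appended), ("inserted", inserted)):
        for src in ("192.168.1.10", "10.0.0.5", "1.2.3.4"):
            print(name, src, verdict(chain, "eth1", src))
```
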