At 10:35 28/01/02 -0500, Netcom wrote:
>Julian I believe you have passed along some good information here.  I 
>would like to ask you for a favor.
>
>At 01:45 PM 1/28/02 +0000, Julian Church wrote (snipped):
>
>>$IPCH -I input 1 -j ACCEPT -p tcp -s 192.168.100.1 80 ! -y -d 0/0 -i 
>>$EXTERN_IF
>
>Would you explain with a little more detail what this rule is doing?  I 
>get some of it, and don't get some. THANKS, either way.

Although I've been fiddling about with LEAF for about a year now, I still 
feel like a bit of a newbie about this, so if anyone wants to correct 
anything, they should just jump in.  This is what worked for me.

In general terms, this ipchains command modifies your firewall rules to 
allow packets of a certain type through.

First bit is about where the new rule should go.
-I input 1      insert at position one in the input chain (that's a capital 
I, not an l or anything)

Then what to do with the packets.
-j ACCEPT       jump to the accept chain (basically just let the data through)

The next part is where we specify what packets the new rule should act 
on.  Remember this should describe packets we want to let through, not the 
ones we want to stop.

-p tcp          protocol is TCP
-s 192.168.100.1 80     with source IP 192.168.100.1 and source port 80
-d 0/0          with any destination address (not sure if I need this really)
! -y            without the SYN flag (see below)
-i eth0         packets arriving at eth0 (I'm assuming eth0 is the external 
interface)

I'm not 100% sure about the SYN flag thing.  As I understand it, the SYN 
flag indicates that a packet is sent to initiate a connection.  If you're 
viewing the modem's web page, then your browser will be the one initiating 
the connection, so packets returning from the modem's webpage shouldn't 
have SYN set.  I get the impression that SYN packets can be used by hackers 
to cause more damage, so it seemed sensible to specify a rule that would 
still exclude them.

Hope that helps

Julian Church

-- 
[EMAIL PROTECTED]
www.ljchurch.co.uk


_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
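
Added illustration, not part of the original message: a small Python model of the rule's match conditions, showing which packets "! -y" lets through. It assumes eth0 is $EXTERN_IF and uses the ipchains documentation's definition of -y (SYN set, ACK and FIN cleared); the Packet type and the sample packets are constructed for the example.

```python
from dataclasses import dataclass

FIN, SYN, ACK = 0x01, 0x02, 0x10  # TCP flag bits

@dataclass(frozen=True)
class Packet:  # hypothetical minimal packet model for this example
    proto: str
    src: str
    sport: int
    flags: int
    iface: str

def is_syn_packet(flags: int) -> bool:
    # What -y matches per the ipchains docs: SYN set, ACK and FIN cleared.
    return bool(flags & SYN) and not (flags & (ACK | FIN))

def rule_matches(pkt: Packet, extern_if: str = "eth0") -> bool:
    # -p tcp -s 192.168.100.1 80 ! -y -d 0/0 -i $EXTERN_IF
    return (pkt.proto == "tcp"
            and pkt.src == "192.168.100.1" and pkt.sport == 80
            and not is_syn_packet(pkt.flags)   # "! -y"
            and pkt.iface == extern_if)        # -d 0/0 matches any destination

# Constructed sample packets (not captured traffic).
SAMPLES = {
    "modem SYN+ACK reply": Packet("tcp", "192.168.100.1", 80, SYN | ACK, "eth0"),
    "modem data, ACK only": Packet("tcp", "192.168.100.1", 80, ACK, "eth0"),
    "modem close, FIN+ACK": Packet("tcp", "192.168.100.1", 80, FIN | ACK, "eth0"),
    "bare SYN from modem:80": Packet("tcp", "192.168.100.1", 80, SYN, "eth0"),
    "ACK from another host:80": Packet("tcp", "203.0.113.5", 80, ACK, "eth0"),
    "modem ACK on internal if": Packet("tcp", "192.168.100.1", 80, ACK, "eth1"),
    "UDP from modem:80": Packet("udp", "192.168.100.1", 80, 0, "eth0"),
}

def verdicts() -> dict:
    # True = accepted by this rule; False = falls through to later rules.
    return {name: rule_matches(p) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, hit in verdicts().items():
        print(f"{name:26} {'ACCEPT' if hit else 'no match, next rule'}")
```

The SYN+ACK reply still matches because "! -y" excludes only connection requests, not every packet with the SYN bit set; a packet this rule does not match is not dropped by it, it simply continues to the rest of the input chain.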
