On Thu, 25 Apr 2002 23:09:38 -0400 "Morgan Reed" <[EMAIL PROTECTED]> wrote:
> Scott, > > A quick follow-up question regarding allowing protocol 47 packets > though, I attempted to manually set the IPCHAINS rules just to do a > quick test, and this is what I got: > > firewall: -root- > # ipchains -A input -s 0/0 -d 0/0 1723 -p tcp -l -j ACCEPT > > firewall: -root- > # ipchains -A input -s 0/0 -d 0/0 1723 -p 47 -j ACCEPT > ipchains: can only specify ports for icmp, tcp or udp > Try `ipchains -h' or 'ipchains --help' for more information. This ipchains rule should not specify port 1723. Ports are not a part of the GRE header, so they cannot be specified as targets for ipchains. The rule should read: ipchains -A input -p 47 -j ACCEPT To be absolutely minimal about it. If no source or destination address is given, the default is everything. HTH, Chad p.s. take a look at http://www.protocols.com/pbook/tcpip3-1.htm and http://www.protocols.com/pbook/tcpip.htm#TCP for more details on this. This is pretty heavy stuff if you're not used to it, but it tells you what is in the headers of the packets you are trying to filter. It is invaluable if you want to really nkow what you can do with ipchains. _______________________________________________ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user