Amarendra GODBOLE rearranged electrons thusly:
> I tried to do something like this:
> IPCHAINS=/sbin/ipchains
> $IPCHAINS -N firewall
> $IPCHAINS -A firewall -s 0.0.0.0/0 -j DENY -l
> $IPCHAINS -A input -s 0.0.0.0/0 -j DENY -l
> $IPCHAINS -A input -i eth0 -j firewall
> $IPCHAINS -A firewall -i lo -j ACCEPT
> $IPCHAINS -A firewall -p TCP -s 0.0.0.0/0 1024: -d 192.168.100.81 telnet -j ACCEPT
Try this ....
/usr/sbin/ipchains -P forward DENY
/usr/sbin/ipchains -A forward -s 192.168.100.1/32 -j DENY
[... so on ...]
[the reason being that if you want to disconnect just one box from that
network, you can comment out one of those lines]
to block:
/usr/sbin/ipchains -j DENY -s ip.in.cidr.format -I input 1
(cidr format - ip.ad.dr.ess/32, ip.ad.dr.ess/24, etc.)
then deny all those who don't belong -
/usr/sbin/ipchains -A forward -s 192.168.1.0/24 -j MASQ
then apply your rules - that should help.
--
Suresh Ramasubramanian + [EMAIL PROTECTED]
Linux is like a Teepee - No Windows, No Gates, Apache Inside
----------------------------------------------
Find out more about this and other Linux India
mailing lists at http://lists.linux-india.org/
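The layout Suresh describes above (default-deny forward policy, one DENY line per host so a single box can be cut off by commenting one line, a blocklist inserted at the top of the input chain, and MASQ for the trusted range), written out as a complete script. This is an added example and not code from either poster; the LAN range, the cut-off hosts, the blocklist addresses and the /sbin/ipchains path are assumptions for illustration, and the leading flush of the forward chain is an addition so the script can be re-run without stacking duplicate rules. It prints the commands by default and only executes them when APPLY=1 (root and a 2.2-era kernel with ipchains required).

```shell
#!/bin/sh
# Added example (not from the original posts): generate the ipchains ruleset
# described in the reply. Every host/range below is a constructed sample.

IPCHAINS=${IPCHAINS:-/sbin/ipchains}   # assumption: ipchains lives here
LAN=${LAN:-192.168.1.0/24}              # assumption: the LAN to masquerade

# Hosts on the LAN to disconnect from forwarding. Constructed sample data;
# one line per host is emitted so a single host is cut off by commenting
# its entry out here.
CUTOFF_HOSTS="192.168.1.10/32 192.168.1.11/32"

# Sources to block on the way in, in CIDR form. Constructed sample data.
BLOCKED_SOURCES="10.0.0.0/8 192.168.200.5/32"

# run: print the command that would be issued, and execute it only when
# APPLY=1 is set in the environment.
run() {
    printf '%s\n' "$IPCHAINS $*"
    if [ "${APPLY:-0}" = 1 ]; then
        "$IPCHAINS" "$@" || return 1
    fi
}

build_rules() {
    # Added step: start from an empty forward chain so re-running the script
    # does not append a second copy of every rule.
    run -F forward

    # 1. Default policy: nothing is forwarded unless a rule allows it.
    run -P forward DENY

    # 2. One DENY per host. -A appends, so these sit above the MASQ rule
    #    and are matched first; ipchains stops at the first matching rule.
    for h in $CUTOFF_HOSTS; do
        run -A forward -s "$h" -j DENY
    done

    # 3. Blocklist: -I input 1 inserts at position 1, so each entry goes
    #    ahead of whatever is already in the input chain.
    for s in $BLOCKED_SOURCES; do
        run -I input 1 -s "$s" -j DENY
    done

    # 4. Masquerade the trusted LAN range; any other source falls through
    #    to the DENY policy set in step 1.
    run -A forward -s "$LAN" -j MASQ
}

build_rules
```

Rule order is the point to check after applying: `ipchains -L forward -n` should list the per-host DENY lines before the MASQ line, and `ipchains -L input -n` should show the blocklist entries at the top.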