-------------------------------------------------------
Jim Roland, President
Roland Internet Services, "The host with the most"
Offering premier web, email and CGI custom programming.
Ask us about Frontpage98 Extensions!
http://www.roland.net/ [EMAIL PROTECTED]
-------------------------------------------------------
On Wed, 24 May 2000, Camelia Nastase wrote:
> Date: Wed, 24 May 2000 12:42:38 +0300
> From: Camelia Nastase <[EMAIL PROTECTED]>
> To: Jim Roland <[EMAIL PROTECTED]>
> Cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
> Subject: Re: IPChains problem
>
> Jim Roland wrote:
> >
> > I am in the process of setting up ipchains for a customer.
> >
> > They want the firewall in a "mostly closed" arrangement.
> >
[snip]
> > I have not specified anything other than the normal flags for the chain.
> > For the above example, the command I used to insert it into the chain:
> > ipchains -I out-dmz -p tcp -d 111.222.333.4 25 -j ACCEPT
> >
> > Can anyone help with the "random port" problem on return packets?
> >
>
> It is "random". You could put a rule resembling "permit ip any any
> established".
>
> /sbin/ipchains -A input -p TCP -s 0/0 ! -y -j ACCEPT
>
> and permit everything coming from port 25.
>
>
> Camelia N.
>
> --
> Camelia Nastase
> [EMAIL PROTECTED]
>
That brings up 3 more questions:
1) Does that mean that I only need to worry about TCP packets for
connections that are NOT established?
2) Does this line still keep a secure firewall?
3) What do I do about UDP packets?
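
What the `! -y` rule quoted above matches, as an added example that is not part of the original thread: a Python model of the ipchains `-y` test (SYN set, ACK and FIN cleared) applied to constructed packets. The names `Packet`, `matches_syn` and `input_rule_verdict` are hypothetical; the model shows that the rule looks only at protocol and TCP flags, keeps no connection state, and never matches UDP.

```python
# Added example: a model of the ipchains "-y" match, not ipchains source code.
from collections import namedtuple

# TCP flag bits as they appear in the TCP header.
FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10

# Hypothetical packet record: protocol, TCP flag byte, description.
Packet = namedtuple("Packet", "proto flags note")


def matches_syn(pkt):
    """ipchains -y: TCP packet with SYN set and ACK and FIN cleared."""
    return pkt.proto == "tcp" and (pkt.flags & (SYN | ACK | FIN)) == SYN


def input_rule_verdict(pkt):
    """Model of: ipchains -A input -p TCP -s 0/0 ! -y -j ACCEPT

    Returns "ACCEPT" when the rule matches, or None when the packet falls
    through to later rules or the chain policy.
    """
    if pkt.proto != "tcp":      # -p TCP: UDP and ICMP are never matched
        return None
    if matches_syn(pkt):        # ! -y: connection-opening SYNs are excluded
        return None
    return "ACCEPT"             # every other TCP segment, from any source


# Constructed sample packets (not captured traffic).
SAMPLES = [
    Packet("tcp", SYN, "new inbound connection attempt"),
    Packet("tcp", SYN | ACK, "SYN/ACK reply from remote port 25"),
    Packet("tcp", ACK, "ACK segment (accepted whether or not a connection exists)"),
    Packet("tcp", FIN | ACK, "connection close"),
    Packet("tcp", RST, "reset"),
    Packet("udp", 0, "UDP datagram, e.g. a DNS reply"),
]


def evaluate(packets=SAMPLES):
    """Return (description, verdict) for each packet."""
    return [(p.note, input_rule_verdict(p)) for p in packets]


if __name__ == "__main__":
    for note, verdict in evaluate():
        print(f"{verdict or 'fall through':12}  {note}")
```

Because the verdict depends on flags alone, the chain policy and any rules placed after this one decide what happens to inbound SYNs and to all UDP traffic.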