On Wed, 24 May 2000, Camelia Nastase wrote:
> Jim Roland wrote:
> >
> > I am in the process of setting up ipchains for a customer.
> >
> > They want the firewall in a "mostly closed" arrangement.
Camelia Nastase wrote:
>
> It is "random". You could put a rule resembling "permit ip any any
> established".
>
> /sbin/ipchains -A input -p TCP -s 0/0 ! -y -j ACCEPT
>
> and permit everything coming from port 25.
>
>
> Camelia N.
I realize that I could be very wrong here...being a beginning
ipchains bumbler BUT:
As I understand it, the -y flag refers to SYN TCP packets
only, i.e. TCP packets used to initiate a connection. So the rule:
/sbin/ipchains -A input -p TCP -s 0/0 -y -j ACCEPT
would accept all TCP packets that are connection requests from remote
computers. It seems to me that there needs to be another rule that would
take care of the rest of the TCP packets....especially if you have a
catchall -j DENY at the end of your ruleset.
That is my (questionable) contribution. If I'm wrong, please tell
me so that I don't make Jim's life more difficult than it already is.
Dave Hearne
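
A small model of the -y match discussed in this thread, added here as an example and not part of any poster's message: it runs the quoted "! -y" rule and the "-y" form, each followed by a catch-all DENY, against constructed TCP packets, using the ipchains definition of -y (SYN set, ACK and FIN cleared). The first-match evaluator, the tuple rule format and the packet names are assumptions of this sketch, not ipchains internals.

```python
# Added illustration: models how ipchains' -y / ! -y match on TCP flags.
# Packets are constructed samples; the chain is evaluated first-match.

SYN, ACK, FIN, RST = "SYN", "ACK", "FIN", "RST"

def matches_y(flags):
    """ipchains -y: SYN set, ACK and FIN cleared (a connection request)."""
    return SYN in flags and ACK not in flags and FIN not in flags

def evaluate(chain, flags, policy="DENY"):
    """Return the target of the first matching rule, else the chain policy."""
    for syn_match, target in chain:
        # syn_match: True means "-y", False means "! -y", None means no flag test
        if syn_match is None or matches_y(flags) == syn_match:
            return target
    return policy

# Rule as posted in the quoted reply: "! -y -j ACCEPT", then catch-all DENY
NOT_SYN_CHAIN = [(False, "ACCEPT"), (None, "DENY")]
# Rule as written in the follow-up: "-y -j ACCEPT", then catch-all DENY
SYN_CHAIN = [(True, "ACCEPT"), (None, "DENY")]

# Constructed inbound packets, keyed by what they represent
PACKETS = {
    "remote opens connection": {SYN},
    "reply to our outbound SYN": {SYN, ACK},
    "data on open connection": {ACK},
    "connection teardown": {FIN, ACK},
    "reset": {RST},
    "unsolicited ACK, no connection": {ACK},
}

def verdicts(chain):
    """Map each sample packet to the verdict the chain gives it."""
    return {name: evaluate(chain, flags) for name, flags in PACKETS.items()}

if __name__ == "__main__":
    for label, chain in (("! -y", NOT_SYN_CHAIN), ("-y", SYN_CHAIN)):
        print(label)
        for name, verdict in verdicts(chain).items():
            print(f"  {name:32} {verdict}")
```

The match looks at flags only, so "! -y" also accepts an ACK that belongs to no connection; ipchains filtering keeps no connection state.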