/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! */
Your question is unclear to me, so I'll throw out two possible solutions.

If you are simply trying to block incoming traffic to a certain port, you
could do it this way. Note: I'm not entirely sure if this is the best way
to do it, but it has worked well for me.

    /sbin/ipchains -A input -j REJECT -p tcp -s 0/0 -d \
    `ifconfig eth0 |grep inet | awk '{print $2}'| cut --delimiter=":" -f 2` 21

This simply checks my IP address when it is executed and sets the chain to
reflect it. (This example blocks port 21, FTP.)
____
Okay, if you are trying to block all packets directed to a certain port
coming from a box in your internal network, the following will do the job:

    /sbin/ipchains -A input -j REJECT -p tcp -s ipofchoice/32 -d 0/0 portnumber

... hope this helps
*- a. thomas pratt
*- linworth alt hs.
On Fri, 17 Sep 1999, Robert Cotran wrote:
> I have a relatively simple question...
>
> How would I allow access to all ports except one through a MASQ machine?
> Example.. I have a chain set up to allow all traffic out from a certain IP.
> But if I want to block that IP from accessing one port in particular, how
> would I do that? Thanks for any help!
>
> Rob
>
>
> _______________________________________________
> Masq maillist - [EMAIL PROTECTED]
> Admin requests can be handled at http://www.indyramp.com/masq-list/
> or email to [EMAIL PROTECTED]
>
> PLEASE read the HOWTO and search the archives before posting.
> You can start your search at http://www.indyramp.com/masq/
> Please keep general linux/unix/pc/internet questions off the list.
>
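The two rules from the reply above, as an added example that is not part of the original thread: a POSIX sh script that reads the interface address from ifconfig output, validates the address and port, and prints the ipchains commands instead of running them. The function names, the sample ifconfig output and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed example; prints the rules instead of running ipchains.

# First IPv4 address in ifconfig output on stdin. Handles "inet addr:a.b.c.d"
# and "inet a.b.c.d", and skips the inet6 lines that `grep inet` also matches.
iface_ipv4() {
    awk '$1 == "inet" { addr = $2; sub(/^addr:/, "", addr); print addr; exit }'
}

# Succeed only for a dotted quad with every octet in 0-255.
valid_ipv4() {
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Succeed only for a TCP port in 1-65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# block_rule SRC DST PORT: print a REJECT rule in the form used in the reply.
# SRC and DST are an IPv4 address or the literal 0/0 ("anywhere").
block_rule() {
    for a in "$1" "$2"; do
        [ "$a" = "0/0" ] || valid_ipv4 "$a" || return 1
    done
    valid_port "$3" || return 1
    src=$1
    [ "$src" = "0/0" ] || src="$src/32"
    echo "/sbin/ipchains -A input -j REJECT -p tcp -s $src -d $2 $3"
}

# Constructed sample in the old net-tools ifconfig layout.
SAMPLE_IFCONFIG='eth0      Link encap:Ethernet  HWaddr 00:00:5E:00:53:01
          inet addr:192.0.2.10  Bcast:192.0.2.255  Mask:255.255.255.0
          inet6 addr: fe80::200:5eff:fe00:5301/10 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1'

# Rule 1: reject inbound FTP to this box's own address.
block_rule 0/0 "$(echo "$SAMPLE_IFCONFIG" | iface_ipv4)" 21
# Rule 2: reject one internal host (constructed address) reaching port 25 anywhere.
block_rule 192.168.1.20 0/0 25
```

ipchains evaluates a chain top to bottom and stops at the first matching rule, so a rule appended with `-A` only takes effect if no earlier ACCEPT rule already matches the same packets; `-I input 1` places it first instead.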