Check out http://tomii.dnsalias.com/firewall.txt for a well-documented
ipchains script.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 11, 2003 9:45 AM
To: [EMAIL PROTECTED]
Subject: Firewall "ipchains-rule" questions


Hello to you,

After the following "iptables-rules" on a Linux Redhat 7.2 server:

/etc/rc.d/rc.local :
iptables -F
iptables -A INPUT -i eth0 -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
iptables -A INPUT -i eth0 -p tcp --tcp-flags ALL ALL -j DROP
iptables -A INPUT -i eth0 -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
iptables -A INPUT -i eth0 -p tcp --tcp-flags ALL NONE -j DROP
iptables -A INPUT -i eth0 -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
iptables -A INPUT -i eth0 -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
iptables -A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT

iptables -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -i eth0 -p udp --dport 53 -j ACCEPT
iptables -A INPUT -i eth0 -m state --state NEW,INVALID -j DROP

Then the Internet users can only use the port numbers (services):
80 (Web) and 53 (DNS)...

On a Linux Redhat 6.x server, we can only use the "ipchains-rules"
function:

ipchains -F
ipchains -A input -i eth0 -p tcp --dport 80 -j ACCEPT
ipchains -A input -i eth0 -p tcp --dport 53 -j ACCEPT
ipchains -A input -i eth0 -p udp --dport 53 -j ACCEPT

But how can we only allow users to use the port numbers (services):
80 (Web) and 53 (DNS)...?

Many thanks for your help!

Ed.
-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list

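The question in the quoted message is how to make the ipchains rule set admit only ports 80 and 53 the way the iptables version does. The script below is an added example, not code from the thread or from the linked firewall.txt: it sets a default-DENY input policy, accepts only HTTP and DNS, and uses "! -y" (non-SYN TCP) in place of the RELATED,ESTABLISHED state match that ipchains does not have. It assumes eth0 is the Internet-facing interface, that the host itself originates DNS lookups, and that the IPCHAINS variable is a dry-run hook introduced here for testing.

```shell
#!/bin/sh
# Added example (not from the thread): ipchains equivalent of the poster's
# iptables rule set, restricting inbound eth0 traffic to TCP/80 and TCP+UDP/53.
# ipchains is stateless, so there is no --state and no --tcp-flags; "! -y"
# (TCP packets that are not a bare SYN) is the closest stand-in for allowing
# replies to connections this host opened.
# Assumptions: eth0 faces the Internet; this box does its own DNS lookups.

IPCHAINS="${IPCHAINS:-ipchains}"   # set IPCHAINS=echo to print the rules instead

apply_rules() {
    # Empty the input chain and deny by default: anything not explicitly
    # accepted below is discarded, which is what the question asks for.
    "$IPCHAINS" -F input
    "$IPCHAINS" -P input DENY

    # Loopback must stay open or local resolver and web traffic breaks.
    "$IPCHAINS" -A input -i lo -j ACCEPT

    # Services exposed to the Internet: HTTP, and DNS over TCP (large answers,
    # zone transfers) and UDP (ordinary queries).
    "$IPCHAINS" -A input -i eth0 -p tcp --dport 80 -j ACCEPT
    "$IPCHAINS" -A input -i eth0 -p tcp --dport 53 -j ACCEPT
    "$IPCHAINS" -A input -i eth0 -p udp --dport 53 -j ACCEPT

    # Return traffic for TCP connections this host initiated (no SYN flag).
    "$IPCHAINS" -A input -i eth0 -p tcp ! -y -j ACCEPT
    # Answers to this host's outbound DNS queries; limited to unprivileged
    # destination ports because a stateless filter cannot tie them to a query.
    "$IPCHAINS" -A input -i eth0 -p udp --sport 53 --dport 1024:65535 -j ACCEPT

    # Log (-l) whatever is left before denying it, so unexpected connection
    # attempts show up in syslog rather than vanishing silently.
    "$IPCHAINS" -A input -i eth0 -l -j DENY
}

case "${1:-}" in
    apply)   apply_rules ;;                # install the rules (needs root)
    dry-run) IPCHAINS=echo apply_rules ;;  # just print them
esac
```

Run as "sh firewall.sh dry-run" to review the rule list, then "sh firewall.sh apply" to load it; the iptables-specific flag-combination rules from the 7.2 box have no ipchains counterpart and are simply omitted.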