-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I'm beginning to think this guy is a 'bot... Same question over & over... Doesn't RTFM, and so on....
- -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Thursday, March 13, 2003 1:26 AM To: [EMAIL PROTECTED] Subject: Re: Firewall "ipchains-rule" questions Hello, Now, we want to allow users they can only to use the following port numbers ( services ), but we may need someone to help to check and modify the "rules"... ipchains -F ipchains -A input -i eth0 -p tcp --dport 20 -j ACCEPT ipchains -A input -i eth0 -p tcp --dport 21 -j ACCEPT ipchains -A input -i eth0 -p tcp --dport 22 -j ACCEPT ipchains -A input -i eth0 -p tcp --dport 25 -j ACCEPT ipchains -A input -i eth0 -p tcp --dport 80 -j ACCEPT ipchains -A input -i eth0 -p tcp --dport 53 -j ACCEPT ipchains -A input -i eth0 -p udp --dport 53 -j ACCEPT ipchains -A input -i eth0 -p tcp --dport 110 -j ACCEPT ipchains -A input -i eth0 -p tcp --dport 143 -j ACCEPT ipchains -A input -i eth0 -p tcp --dport 113 -j ACCEPT ipchains -A input -i eth0 -p udp --dport 113 -j ACCEPT ipchains -A input -i eth0 -p tcp ! -y -j ACCEPT ipchains --policy input DENY ipchains --policy output DENY ipchains -A output -i eth0 -p tcp --sport 20 -j ACCEPT ipchains -A output -i eth0 -p tcp --sport 21 -j ACCEPT ipchains -A output -i eth0 -p tcp --sport 22 -j ACCEPT ipchains -A output -i eth0 -p tcp --sport 25 -j ACCEPT ipchains -A output -i eth0 -p tcp --sport 110 -j ACCEPT ipchains -A output -i eth0 -p tcp --sport 143 -j ACCEPT ipchains -A output -i eth0 -p tcp --sport 113 -j ACCEPT ipchains -A output -i eth0 -p udp --sport 113 -j ACCEPT ipchains -A output -i eth0 -p tcp --sport 80 -j ACCEPT ipchains -A output -i eth0 -p tcp --sport 53 -j ACCEPT ipchains -A output -i eth0 -p udp --sport 53 -j ACCEPT ipchains -A output -i eth0 -p tcp ! -y -j ACCEPT ## Debugging rules. ipchains -A input -s 0/0 -d 0/0 -l -j REJECT ipchains -A output -s 0/0 -d 0/0 -l -j REJECT PS : if DON'T set "! -y -j ACCEPT" , can't connect to outside... Thank for your help ! - -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list -----BEGIN PGP SIGNATURE----- Version: PGP Personal Privacy 6.5.3 iQA/AwUBPnCDPtPjBkUEZx5AEQLvQACfWJCudwODG4TU5DcHffVUjxgfIMoAoKgn koI666fO72ZuEq8EXn6yLH6U =B2Gy -----END PGP SIGNATURE----- -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list