RE: Firewall "ipchains-rule" questions

Thu, 13 Mar 2003 05:22:22 -0800 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I'm beginning to think this guy is a 'bot...  Same question over &
over...  Doesn't RTFM, and so on....

- -----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 13, 2003 1:26 AM
To: [EMAIL PROTECTED]
Subject: Re: Firewall "ipchains-rule" questions


Hello,

Now, we want to allow users they can only to use the following port
numbers
( services ), but we may need someone to help to check and modify the
"rules"...

ipchains -F

ipchains -A input -i eth0 -p tcp --dport 20 -j ACCEPT
ipchains -A input -i eth0 -p tcp --dport 21 -j ACCEPT
ipchains -A input -i eth0 -p tcp --dport 22 -j ACCEPT
ipchains -A input -i eth0 -p tcp --dport 25 -j ACCEPT
ipchains -A input -i eth0 -p tcp --dport 80 -j ACCEPT
ipchains -A input -i eth0 -p tcp --dport 53 -j ACCEPT
ipchains -A input -i eth0 -p udp --dport 53 -j ACCEPT
ipchains -A input -i eth0 -p tcp --dport 110 -j ACCEPT
ipchains -A input -i eth0 -p tcp --dport 143 -j ACCEPT
ipchains -A input -i eth0 -p tcp --dport 113 -j ACCEPT
ipchains -A input -i eth0 -p udp --dport 113 -j ACCEPT
ipchains -A input -i eth0 -p tcp ! -y -j ACCEPT

ipchains --policy input DENY
ipchains --policy output DENY

ipchains -A output -i eth0 -p tcp --sport 20 -j ACCEPT
ipchains -A output -i eth0 -p tcp --sport 21 -j ACCEPT
ipchains -A output -i eth0 -p tcp --sport 22 -j ACCEPT
ipchains -A output -i eth0 -p tcp --sport 25 -j ACCEPT
ipchains -A output -i eth0 -p tcp --sport 110 -j ACCEPT
ipchains -A output -i eth0 -p tcp --sport 143 -j ACCEPT
ipchains -A output -i eth0 -p tcp --sport 113 -j ACCEPT
ipchains -A output -i eth0 -p udp --sport 113 -j ACCEPT
ipchains -A output -i eth0 -p tcp --sport 80 -j ACCEPT
ipchains -A output -i eth0 -p tcp --sport 53 -j ACCEPT
ipchains -A output -i eth0 -p udp --sport 53 -j ACCEPT
ipchains -A output -i eth0 -p tcp ! -y -j ACCEPT

## Debugging rules.
ipchains -A input -s 0/0 -d 0/0 -l -j REJECT
ipchains -A output -s 0/0 -d 0/0 -l -j REJECT

PS : if DON'T set "! -y -j ACCEPT" , can't connect to outside...

Thank for your help !





- -- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3

iQA/AwUBPnCDPtPjBkUEZx5AEQLvQACfWJCudwODG4TU5DcHffVUjxgfIMoAoKgn
koI666fO72ZuEq8EXn6yLH6U
=B2Gy
-----END PGP SIGNATURE-----



-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list

Reply via email to