Thanks a million. I am posting my ipchains file as found in /etc/sysconfig

Thanks again for looking at this. This has been driving me nuts :)...

-F input
-F output
-F forward

# ANTI-SPOOFING
-A input -p all -j DENY -s 10.0.0.0/8 -i eth0 -d 0.0.0.0/0
-A input -p all -j DENY -s 127.0.0.0/8 -i eth0 -d 0.0.0.0/0
-A input -p all -j DENY -s 192.168.0.0/16 -i eth0 -d 0.0.0.0/0
# 172.16.0.0/12 is the whole RFC1918 172.16.0.0 - 172.31.255.255 block
-A input -p all -j DENY -s 172.16.0.0/12 -i eth0 -d 0.0.0.0/0
-A input -p all -j DENY -s <server IP address> -i eth0 -d 0.0.0.0/0

-A input -s 0/0 -d 0/0 -p tcp -i eth1 -y -j ACCEPT
-A input -s 0/0 -d 0/0 -p udp -i eth1   -j ACCEPT

-A input -s <LocalNetworkIp/CIDR> -d <LocalNetworkIp/CIDR> -p tcp -y -j ACCEPT
-A input -s <LocalNetworkIp/CIDR> -d <LocalNetworkIp/CIDR> -p udp    -j ACCEPT

-A input -p tcp -s <LocalNetworkIp/CIDR> -d <LocalNetworkIp/CIDR> 10000 -y -j ACCEPT

-A input -s 0/0 67:68 -d 0/0 67:68 -p udp -i eth0 -j ACCEPT

-A input -s 0/0 -d 0/0 25 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 110 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 80 -p tcp -j ACCEPT
-A input -s 0/0 -d 0/0 21 -p tcp -y -j ACCEPT

-A input -s 0/0 -d 0/0 -i lo -j ACCEPT


### ICMP DATA
# Some ICMP types are needed for normal operation, like type 3, Do NOT
# block ICMP type 3.  Some types are dangerous and should be blocked:
# type 4 source quench, type 5 redirect, type 9 router advertisement, type
# 12 parameter problem, type 13 Timestamp and 14 Timestamp Reply.  Others
# are optional:  type 0 echo-reply (outgoing pings), type 8 echo-request
# (incoming pings), type 11 Time Exceeded (to do traceroutes), type 30
# Traceroute (incoming, non-unix)


-A input -p icmp --icmp-type 0 -j ACCEPT
-A input -p icmp --icmp-type 3 -j ACCEPT
#-A input -p icmp --icmp-type 8 -j ACCEPT
-A input -p icmp --icmp-type 11 -j ACCEPT

#-A input -p icmp --icmp-type 4 -j DENY
#-A input -p icmp --icmp-type 8 -j DENY
#-A input -p icmp --icmp-type 5 -j DENY
-A input -p icmp -l -j DENY


-A input -p tcp -s 0/0 -d 0/0 0:1023 -y -j DENY
-A input -p tcp -s 0/0 -d 0/0 2049 -y -j DENY
-A input -p udp -s 0/0 -d 0/0 0:1023 -j DENY
-A input -p udp -s 0/0 -d 0/0 2049 -j DENY
-A input -p tcp -s 0/0 -d 0/0 6000:6009 -y -j DENY
-A input -p tcp -s 0/0 -d 0/0 7100 -y -j DENY
-A input -p tcp -s 0/0 -d 0/0 3306 -y -j DENY
-A input -p tcp -s 0/0 -d 0/0 10000 -y -j DENY

# FORWARD RULES
-P forward DENY
-A forward -p all -j MASQ -s 10.100.125.0/255.255.255.0 -d 0.0.0.0/0


The <LocalNetworkIP/CIDR> is simply my local network IP and Netmask.
ETH1 is my INTERNAL network. 

I don't think you need that for anything, but if you do, let me know and I will
disclose them on a confidential basis...

Thanks for looking at this!!!

Also, I don't have MASQ on now, so I could not try that ipchains command you wanted.
Look over these rules and let me know if you see anything obscure and I will try it
again...


Joe Giles
[EMAIL PROTECTED]
AOL ID: mcigiles



-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list
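An added offline check, not part of the posted file or of the redhat-list thread: it parses ipchains "-A" lines and reports which RFC1918/loopback blocks are not fully covered by a DENY rule on the external interface, which is the easiest way to catch a too-narrow anti-spoofing entry. Python is used because the check only reads the rules text; the sample POSTED_ANTI_SPOOF is constructed here to mirror the posted anti-spoofing section with a deliberately narrow 172.16.0.0/16 entry, and the function names are my own.

```python
"""Lint an ipchains rule file's anti-spoofing block for full bogon coverage."""
import ipaddress
import shlex

# Source blocks that should never arrive from the Internet-facing interface.
EXPECTED_DENIED = [ipaddress.ip_network(n) for n in
                   ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample mirroring the posted anti-spoofing block (note the /16).
POSTED_ANTI_SPOOF = """
# ANTI-SPOOFING
-A input -p all -j DENY -s 10.0.0.0/8 -i eth0 -d 0.0.0.0/0
-A input -p all -j DENY -s 127.0.0.0/8 -i eth0 -d 0.0.0.0/0
-A input -p all -j DENY -s 192.168.0.0/16 -i eth0 -d 0.0.0.0/0
-A input -p all -j DENY -s 172.16.0.0/16 -i eth0 -d 0.0.0.0/0
-A input -s 0/0 -d 0/0 -p tcp -i eth1 -y -j ACCEPT
"""

def parse_rule(line):
    """Map one ipchains line's options to values; bare flags (-y, -l) map to True."""
    toks = shlex.split(line.split("#", 1)[0])   # drop trailing comments
    opts, i = {}, 0
    while i < len(toks):
        if toks[i].startswith("-") and i + 1 < len(toks) and not toks[i + 1].startswith("-"):
            opts[toks[i]] = toks[i + 1]
            i += 2
        else:
            opts[toks[i]] = True
            i += 1
    return opts

def denied_sources(rules_text, chain="input", iface="eth0"):
    """Source networks dropped by DENY/REJECT rules bound to `iface` in `chain`."""
    nets = []
    for line in rules_text.splitlines():
        o = parse_rule(line)
        src = o.get("-s")
        if o.get("-A") != chain or o.get("-i") != iface or not isinstance(src, str):
            continue
        if o.get("-j") not in ("DENY", "REJECT"):
            continue
        try:
            nets.append(ipaddress.ip_network(src, strict=False))
        except ValueError:
            pass  # placeholders such as <server IP address> are not parseable
    return nets

def uncovered_bogons(rules_text, chain="input", iface="eth0"):
    """Expected bogon blocks that no single DENY rule on `iface` fully covers."""
    denied = denied_sources(rules_text, chain, iface)
    return [str(b) for b in EXPECTED_DENIED if not any(b.subnet_of(d) for d in denied)]

if __name__ == "__main__":
    print("not fully denied on eth0:", uncovered_bogons(POSTED_ANTI_SPOOF))
```

Run it against the real file with `uncovered_bogons(open("/etc/sysconfig/ipchains").read())`; an empty list means every expected block is denied on eth0.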
