Hello Dekxter,

Monday, October 13, 2003, 6:32:40 PM, you wrote:

Thank you for the explicit and well-documented message, but I still don't see how these rules stop the connections initiated by ICQ and YM on ports 25, 25, 80, 110, 143. Or do they block them and I just don't realize it?

DX> you will have to modify FORWARD with:
DX> iptables --policy FORWARD DROP
DX> iptables -A FORWARD -d 192.168.0.0/24 -p tcp --dport 25 --jump ACCEPT
DX> iptables -A FORWARD -d 192.168.0.0/24 -p tcp --dport 80 --jump ACCEPT
DX> iptables -A FORWARD -d 192.168.0.0/24 -p tcp --dport 110 --jump ACCEPT
DX> iptables -A FORWARD -d 192.168.0.0/24 -p tcp --dport 143 --jump ACCEPT
DX> # these 4 rules are for access to any address for
DX> # mail via POP3, IMAP, sending and www
DX> iptables -A FORWARD -d 192.168.0.0/24 -p tcp --syn --jump DROP
DX> iptables -A FORWARD -s 192.168.0.0/24 -p tcp --syn --jump DROP
DX> # these 2 rules reject any attempt to initiate a connection
DX> # into the local network or from the local network to the internet
DX> iptables -A FORWARD -d 192.168.0.0/24 -p tcp --jump ACCEPT
DX> # this rule accepts any other type of tcp connection

DX> # man iptables
DX> [!] --syn
DX> Only match TCP packets with the SYN bit set and the ACK and RST
DX> bits cleared. Such packets are used to request TCP connection
DX> initiation; for example, blocking such packets coming in an interface
DX> will prevent incoming TCP connections, but outgoing TCP connections will
DX> be unaffected.
DX> It is equivalent to --tcp-flags SYN,RST,ACK SYN. If the "!" flag
DX> precedes the "--syn", the sense of the option is inverted.

DX> ps: if I'm wrong, please correct me ...

DX> Liviu wrote:
>> Hi,
>> My idea would be that people in the local network can only get out to the
>> web and mail.

--
Best regards,
Liviu
mailto:[EMAIL PROTECTED]

---
Details about our mailing lists: http://www.lug.ro/
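A first-match model of the FORWARD rules quoted in this message, added here as an example and not part of either poster's text. It models TCP packets only and checks just the fields those rules test (source, destination, destination port, SYN flag), so the verdict cannot depend on which application sent a packet. The non-LAN addresses and the packet list are constructed.

```python
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.0.0/24")

# The quoted FORWARD rules in order: (source, destination, dport, syn_only, target).
# None = the rule does not test that field. Only TCP packets are modelled.
RULES = [
    (None, LAN, 25, False, "ACCEPT"),
    (None, LAN, 80, False, "ACCEPT"),
    (None, LAN, 110, False, "ACCEPT"),
    (None, LAN, 143, False, "ACCEPT"),
    (None, LAN, None, True, "DROP"),
    (LAN, None, None, True, "DROP"),
    (None, LAN, None, False, "ACCEPT"),
]
POLICY = "DROP"  # iptables --policy FORWARD DROP


def verdict(src, dst, dport, syn):
    """First-match evaluation; returns (target, rule number), 0 = chain policy."""
    for number, (s_net, d_net, port, syn_only, target) in enumerate(RULES, 1):
        if s_net is not None and ip_address(src) not in s_net:
            continue
        if d_net is not None and ip_address(dst) not in d_net:
            continue
        if port is not None and port != dport:
            continue
        if syn_only and not syn:  # --syn: SYN set, ACK and RST cleared
            continue
        return target, number
    return POLICY, 0


# Constructed packets: (label, src, dst, dport, syn). Non-LAN addresses are
# documentation ranges, not taken from the thread.
PACKETS = [
    ("LAN browser opens web connection", "192.168.0.10", "203.0.113.5", 80, True),
    ("LAN IM client opens connection on 80", "192.168.0.10", "198.51.100.7", 80, True),
    ("outside host opens connection to LAN:25", "203.0.113.5", "192.168.0.10", 25, True),
    ("outside host opens connection to LAN:6000", "203.0.113.5", "192.168.0.10", 6000, True),
    ("reply packet from web server to LAN", "203.0.113.5", "192.168.0.10", 40000, False),
]

if __name__ == "__main__":
    for label, src, dst, dport, syn in PACKETS:
        target, number = verdict(src, dst, dport, syn)
        print(f"{label:45} -> {target} (rule {number})")
```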
