Old man, IPTABLES. Not ipchains. It's a matter of the alphabet.

----- Original Message -----
From: "Knight" <[EMAIL PROTECTED]>
To: "Dekxter X." <[EMAIL PROTECTED]>
Sent: Tuesday, October 14, 2003 7:01 AM
Subject: [rlug] Re: ICQ & YM and firewall

> Dekxter,
>
> yes, but the guy specified that he wants ipchains
> :(((((((
> with -y, I think it was, in ipchains :)) instead of --syn
>
> Monday, October 13, 2003, 6:32:40 PM, you wrote:
>
> DX> you will have to modify FORWARD with:
>
> DX> iptables --policy FORWARD DROP
>
> DX> iptables -A FORWARD -d 192.168.0.0/24 -p tcp --dport 25 --jump ACCEPT
> DX> iptables -A FORWARD -d 192.168.0.0/24 -p tcp --dport 80 --jump ACCEPT
> DX> iptables -A FORWARD -d 192.168.0.0/24 -p tcp --dport 110 --jump ACCEPT
> DX> iptables -A FORWARD -d 192.168.0.0/24 -p tcp --dport 143 --jump ACCEPT
> DX> # these 4 rules are for access to any address for
> DX> # mail via POP3, IMAP, sending, and www
>
> DX> iptables -A FORWARD -d 192.168.0.0/24 -p tcp --syn --jump DROP
> DX> iptables -A FORWARD -s 192.168.0.0/24 -p tcp --syn --jump DROP
> DX> # these 2 rules reject any attempt to initiate a connection
> DX> # into the local network or from the local network to the internet
>
> DX> iptables -A FORWARD -d 192.168.0.0/24 -p tcp --jump ACCEPT
> DX> # this rule accepts any other type of tcp connection
>
> DX> # man iptables
>
> DX> [!] --syn
> DX> Only match TCP packets with the SYN bit set and the ACK and RST
> DX> bits cleared. Such packets are used to request TCP connection
> DX> initiation; for example, blocking such packets coming in an interface
> DX> will prevent incoming TCP connections, but outgoing TCP connections will
> DX> be unaffected.
> DX> It is equivalent to --tcp-flags SYN,RST,ACK SYN. If the "!" flag
> DX> precedes the "--syn", the sense of the option is inverted.
>
> DX> PS: if I'm wrong, please correct me ...
>
> DX> Liviu wrote:
>
> >> Hi,
> >> My idea would be that people on the local network can only get out
> >> to the web and to mail.
>
> --
> Best regards,
> Knight
>
> This message was brought to you by the numbers 0 and 1.
>
> ---
> Details about our mailing lists: http://www.lug.ro/
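
Added example, not part of the original thread: a Python model of first-match evaluation over the FORWARD rules quoted above, run against constructed TCP packets to show what `--syn` (`--tcp-flags SYN,RST,ACK SYN`) does and does not match. The function names, the address 203.0.113.5 and the sample ports are assumptions; only address, `--dport` and `--syn` matching is modelled, with no NAT.

```python
import ipaddress

# Added illustration: models only the -s/-d, --dport and --syn matches of the
# FORWARD rules quoted in the thread; every packet is assumed to be TCP.
LAN = ipaddress.ip_network("192.168.0.0/24")
SYN, RST, ACK = 0x02, 0x04, 0x10

def is_syn(flags):
    """--syn == --tcp-flags SYN,RST,ACK SYN: SYN set, RST and ACK clear."""
    return flags & (SYN | RST | ACK) == SYN

# (address field tested against the LAN, --dport or None, --syn?, target)
RULES = [
    ("dst", 25, False, "ACCEPT"),
    ("dst", 80, False, "ACCEPT"),
    ("dst", 110, False, "ACCEPT"),
    ("dst", 143, False, "ACCEPT"),
    ("dst", None, True, "DROP"),
    ("src", None, True, "DROP"),
    ("dst", None, False, "ACCEPT"),
]
POLICY = "DROP"  # iptables --policy FORWARD DROP

def verdict(src, dst, dport, flags):
    """Return the target of the first matching rule, else the chain policy."""
    addr = {"src": ipaddress.ip_address(src), "dst": ipaddress.ip_address(dst)}
    for field, port, syn_only, target in RULES:
        if addr[field] not in LAN:
            continue
        if port is not None and port != dport:
            continue
        if syn_only and not is_syn(flags):
            continue
        return target
    return POLICY

# Constructed sample packets (203.0.113.5 is a documentation address).
SAMPLES = [
    ("LAN client opens web connection", "192.168.0.10", "203.0.113.5", 80, SYN),
    ("server SYN/ACK back to client", "203.0.113.5", "192.168.0.10", 40000, SYN | ACK),
    ("outside host opens port 80 on LAN", "203.0.113.5", "192.168.0.10", 80, SYN),
    ("outside host opens port 22 on LAN", "203.0.113.5", "192.168.0.10", 22, SYN),
]

if __name__ == "__main__":
    for label, *pkt in SAMPLES:
        print(f"{verdict(*pkt):6} {label}")
```

The per-packet verdicts can be compared with the goal stated at the bottom of the thread (local users reaching only web and mail) before loading such a ruleset on a gateway.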
