Firewall Wizards mailing list archives
Re: Help with ipchains rules
From: Martin Peikert <news-innominate.list.nfr.firewiz () innominate de>
Date: 26 Jan 2001 08:34:28 GMT
"I'm a Swinger" <imaswinger () hotmail com> wrote:
> #I allow UDP/TCP packets in for DNS, TCP for WWW, and TCP for SSH
> ipchains -A -p UDP -s 123.123.123.123 dns -j ACCEPT

As explained in the HOWTO: You have to specify a chain: input, forward or output.

> ipchains -A -p tcp -s 123.123.123.123 dns -j ACCEPT
> ipchains -A -p tcp -s 123.123.123.123 www -j ACCEPT
> ipchains -A -p tcp -s 123.123.123.123 ssh -j ACCEPT
>
> #Local-to-local packets are OK:
> ipchains -A -i lo -j ACCEPT
>
> #Now, my default policy on the input chain is DENY, so everything else gets dropped:
> ipchains -P input DENY

Your script does not allow anything at all - the default policy is DENY and no packet matches any chain - so everything is denied. You should read the HOWTO again and the man page if you want to set up a firewall. Entering one of your lines above (except for the policy) will result in "Try `ipchains -h' or 'ipchains --help' for more information.".

Martin
--
martin.peikert () innominate com
dipl. math.
innominate AG
the linux architects
tel: +49-30-308806-0 fax: -77
http://www.innominate.com
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards
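The two problems pointed out in the reply above, as an added example that is not part of the original post: a small Python linter that flags ipchains commands with no chain name and reports chains whose DENY policy has no ACCEPT rule ahead of it. The function names are hypothetical, and the check covers only chain presence, not the rest of each rule's syntax.

```python
import shlex

# ipchains commands that must be followed by a chain name (subset checked here).
NEEDS_CHAIN = {"-A", "-I", "-D", "-P"}

# The script quoted in the thread, one command per line.
QUOTED_SCRIPT = """\
ipchains -A -p UDP -s 123.123.123.123 dns -j ACCEPT
ipchains -A -p tcp -s 123.123.123.123 dns -j ACCEPT
ipchains -A -p tcp -s 123.123.123.123 www -j ACCEPT
ipchains -A -p tcp -s 123.123.123.123 ssh -j ACCEPT
ipchains -A -i lo -j ACCEPT
ipchains -P input DENY
"""


def lint(script):
    """Return (errors, accepts, policies) for an ipchains script.

    errors:   [(line_number, message)] for commands with no chain name
    accepts:  {chain: number of -A/-I rules ending in -j ACCEPT}
    policies: {chain: target set with -P}
    """
    errors, accepts, policies = [], {}, {}
    for number, line in enumerate(script.splitlines(), 1):
        tokens = shlex.split(line, comments=True)
        if not tokens or tokens[0] != "ipchains":
            continue
        command = next((t for t in tokens[1:] if t in NEEDS_CHAIN), None)
        if command is None:
            continue
        rest = tokens[tokens.index(command) + 1:]
        if not rest or rest[0].startswith("-"):
            errors.append((number, f"{command} is not followed by a chain name"))
        elif command == "-P":
            policies[rest[0]] = rest[1] if len(rest) > 1 else None
        elif command in ("-A", "-I") and rest[-2:] == ["-j", "ACCEPT"]:
            accepts[rest[0]] = accepts.get(rest[0], 0) + 1
    return errors, accepts, policies


def closed_chains(script):
    """Chains whose policy is DENY or REJECT and that have no ACCEPT rule."""
    _, accepts, policies = lint(script)
    return sorted(c for c, p in policies.items()
                  if p in ("DENY", "REJECT") and not accepts.get(c))
```

Running `lint(QUOTED_SCRIPT)` flags lines 1 to 5, and `closed_chains(QUOTED_SCRIPT)` reports `input` as a chain that drops everything.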