[Sheflug] Re: Firewall Stuff

[Richard <nospam [at] sheflug.co.uk>]

Dear All

Richard Lowe wrote:

> > #Default to allowing nothing in, everything out.
> > /sbin/ipchains -P input DENY
> > /sbin/ipchains -P output ACCEPT
> > /sbin/ipchains -P forward DENY

> At somepoint after this, you ACCEPT traffic from/to ports/hosts that you
> want to get through.
> 
> ipchains -A input -s 0/0 80 -j ACCEPT

I'm thinking that .......

"ipchains -A input -i $ippp0 -s $zetnet.co.uk \
$194.247.47.47 -j ACCEPT
ipchains -A output -i $ippp0 -s $zetnet.co.uk \
$194.247.47.47 -j ACCEPT

might work but somewhere I need to put some port numbers for web pages
and e-mail.  As well as ftp.  Then again I might use $DNS1
xxx.xxx.xx.xx  $DNS2 xx.x.x.xx instead ?   So a port number for web
pages would be......

ipchains -A input -s 0/0 3128 -j accept 

for web pages and then 21 and other lines for ftp and 22/25 for e-mail
?

> The IPChains-HOWTO and Security-HOWTO both explain everything better
> than I can, and iirc both have useful examples with a LAN in mind.

It's not very good compared with all else that's going around :)). 

Thank you

-- 
Richard

---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
To unsubscribe from this list send mail to
- <sheflug-request [at] vuw.ac.nz> - with the word 
 "unsubscribe" in the body of the message. 

  GNU the choice of a complete generation.