Re: [Sheflug] Re: Firewall Stuff

[Barrie Bremner <nospam [at] ecosse.net>]

Richard Lowe wrote:
>
> > ipchains -A input -s 0/0 3128 -j accept
> 
> http comes from 80 or 8080.
> /etc/services is a list of port number to services.
> you can use the service names from there iirc.
> 
> >
> > for web pages and then 21 and other lines for ftp and 22/25 for e-mail
> > ?
> 
> 21 is ftp, you'll more than likely need 20 for ftp-data as well.
> 

 You will need ftp-data, and yes, you can use service names, but using
port numbers is as easy, and isn't subject to any wierdness in
/etc/services, IIRC.

 Example from the howto (and my system):

/sbin/ipchains -A ppp-in -p TCP -s 0.0.0.0/0 ftp-data -d 0.0.0.0/24
1024:5999 -j ACCEPT
/sbin/ipchains -A ppp-in -p TCP -s 0.0.0.0/0 ftp-data -d 0.0.0.0/24
6010: -j ACCEPT


 Baz.
--
Barrie J. Bremner

TheEnglishman [at] ecosse.net | OpenPGP public key ID: 5164F553
	    http://www.geocities.com/thefatenglishman
	    [Contact information available at website]

   "Linux? Is that some kind of MacOS?"
      -- BT technical support
---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
To unsubscribe from this list send mail to
- <sheflug-request [at] vuw.ac.nz> - with the word 
 "unsubscribe" in the body of the message. 

  GNU the choice of a complete generation.