The ipchains rules are read from top to bottom. The first rule to match is used, and no other rules are read.
So if you want to allow access to a port only by certain hosts, have a rule at the top that allows this access, and have another rule following it denying access to everyone.

J.

On Thu, 2002-01-17 at 14:06, Francisco Sánchez wrote:
> Now I have installed on my RaQ3 ipchains and pmfirewall, along with
> portsentry.
>
> However there are a couple of things I don't have clear:
>
> - 1. When using ipchains, you can choose either to reject or deny
> connections to a particular port. However you can also allow connections to
> a port to a given IP address and netmask. That is what I have done with,
> for example, ssh. My question here is, for those people who try now to
> connect by ssh from an IP other than those allowed, what will they get,
> reject or deny?
>
> -2. Also, with portsentry, there is an ignore file, but I have seen that
> after a restart or reboot, the entries you add there are deleted. However,
> the IP addresses for the machine and 127.0.0.1 are always there. How can an
> IP or IP range be added permanently to that file?
>
> Thanks for any assistance.
>
> Francisco
>
> _______________________________________________
> cobalt-security mailing list
> [EMAIL PROTECTED]
> http://list.cobalt.com/mailman/listinfo/cobalt-security
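
Added example, not part of the original thread: a small Python model of the top-to-bottom, first-match evaluation described in the reply, showing what a host outside the allowed range receives. The addresses, the rule set and the decide() helper are constructed for illustration; the ipchains commands in the comments are the equivalent rules.

```python
import ipaddress

# Constructed sample rule set (documentation address ranges, not from the thread).
# Equivalent ipchains commands, in the order they would be appended:
#   ipchains -A input -p tcp -s 192.0.2.0/24 -d 0/0 22 -j ACCEPT
#   ipchains -A input -p tcp -s 0/0 -d 0/0 22 -j DENY
RULES = [
    {"src": "192.0.2.0/24", "dport": 22, "target": "ACCEPT"},
    {"src": "0.0.0.0/0", "dport": 22, "target": "DENY"},
]


def decide(rules, src_ip, dport, policy="ACCEPT"):
    """Return the target of the first rule matching (src_ip, dport).

    Rules are walked top to bottom and evaluation stops at the first match.
    If no rule matches, the chain policy decides.
    """
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:
        if rule["dport"] == dport and addr in ipaddress.ip_network(rule["src"]):
            return rule["target"]
    return policy


def demo():
    allowed, other = "192.0.2.15", "198.51.100.7"
    print("correct order :", decide(RULES, allowed, 22), decide(RULES, other, 22))
    # Same two rules reversed: the catch-all matches first,
    # so the allow rule is never reached.
    swapped = list(reversed(RULES))
    print("reversed order:", decide(swapped, allowed, 22), decide(swapped, other, 22))
    # Without the catch-all rule, a non-allowed host falls through
    # to the chain policy.
    print("no catch-all  :", decide(RULES[:1], other, 22, policy="ACCEPT"))


if __name__ == "__main__":
    demo()
```

Whether a non-allowed host sees DENY or REJECT is set by the target of the catch-all rule that follows the allow rule, or by the chain policy if there is no such rule.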
