Search on freshmeat.net (or Google) for rc.firewall, firemasq and firedog. You'll find examples of scripts that use ipchains.

You can learn from those examples. rc.firewall is actually a script that enables rules such as "deny anyone from the outside pretending to be an inside address", etc. You can then create a rule that says basically:

    source 10.0.0.0/24 port 111  destination $internalinterface port 111  allow
    source 0.0.0.0/24  port 111  destination $externalinterface port 111  deny

The regular rc.firewall won't have the port-specific blocks, but firedog and firemasq do.

Cory

-----Original Message-----
From: Phill Kenoyer [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 21, 2000 1:15 PM
To: Debian Firewall List
Subject: Blocking Ports from showing up in scans

I have a small masq/web server on a DSL. I would like to make it a bit more secure. It's a default install of Debian. I have NFS and Samba running for my workstations to have access to the box. I have most things turned off, like telnet and ftp.

What I would like to do is block a few ports from the outside, but keep them for the local net. I don't really want to learn ipchains, because I don't have the time right now. I'm very busy, and I would just like to do my work, but an example of how to do this would teach me a great deal. I have not found anything on web searches that would build the rules for me that would run on a server without X installed. If anyone is willing to do the rules for me, I would really be happy. Thanks.

eth0 is 10.0.0.1, private; eth1 is public. My private network is using 10.0.0.x. The ip_masq deb is installed.

I have the following ports open on my server. I have marked with * the ones that I want to close off to the outside, and have them not show up in a port scan.

(The 1505 ports scanned but not shown below are in state: closed)
    Port       State   Service
    22/tcp     open    ssh
    25/tcp     open    smtp
    53/tcp     open    domain
    80/tcp     open    http
    110/tcp    open    pop-3
    *111/tcp   open    sunrpc
    113/tcp    open    auth
    *139/tcp   open    netbios-ssn
    389/tcp    open    ldap
    443/tcp    open    https
    *515/tcp   open    printer
    *829/tcp   open    unknown
    *899/tcp   open    unknown
    *983/tcp   open    unknown
    *2049/tcp  open    nfs
    *3306/tcp  open    mysql
    *5432/tcp  open    postgres
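As an added example (not code from Cory's or Phill's mail, nor from rc.firewall/firedog/firemasq), this ipchains script does what Cory's rule sketch describes for every port Phill starred: accept the service from the 10.0.0.0/24 LAN on eth0, silently DENY it on the public eth1, plus the anti-spoofing rule Cory mentions. It assumes the interface names and LAN prefix from Phill's mail, uses 0.0.0.0/0 for "any address", covers UDP as well as TCP because sunrpc and NFS also listen on UDP, and the IPCHAINS dry-run variable is my addition so the rules can be reviewed before they touch the kernel.

```shell
#!/bin/sh
# Added example, not from the list thread. Keeps the starred services
# reachable from the LAN (eth0) while dropping them on the public side
# (eth1). Interface names, LAN prefix and ports follow Phill's mail.

LAN_IF=eth0
WAN_IF=eth1
LAN_NET=10.0.0.0/24
# Ports marked * in the scan. 829/899/983 are "unknown" in the scan
# (probably portmapper-assigned RPC ports); they are blocked by number.
LOCAL_ONLY_PORTS="111 139 515 829 899 983 2049 3306 5432"

# Dry run by default: only prints the commands. Set IPCHAINS=ipchains
# (as root) to load the rules for real.
IPCHAINS="${IPCHAINS:-echo ipchains}"

# Emit the rule arguments, one rule per line, in the order to load them.
build_rules() {
    # Cory's anti-spoofing rule: a packet claiming a LAN source address
    # must never arrive on the public interface.
    echo "-A input -i $WAN_IF -s $LAN_NET -j DENY"
    for port in $LOCAL_ONLY_PORTS; do
        for proto in tcp udp; do
            # LAN clients may reach the service on the internal interface.
            echo "-A input -i $LAN_IF -p $proto -s $LAN_NET -d 0.0.0.0/0 $port -j ACCEPT"
            # Anything for that port on the public interface is dropped.
            # DENY (drop) rather than REJECT, so a scan sees the port as
            # filtered instead of open.
            echo "-A input -i $WAN_IF -p $proto -s 0.0.0.0/0 -d 0.0.0.0/0 $port -j DENY"
        done
    done
}

# Number of rules build_rules produces; handy as a sanity check.
rule_count() {
    build_rules | wc -l | tr -d ' '
}

# Feed each rule line to ipchains (or to echo in dry-run mode).
apply_rules() {
    build_rules | while read -r rule; do
        # shellcheck disable=SC2086  # splitting $rule into words is intended
        $IPCHAINS $rule
    done
}

apply_rules
```

Ports not starred (ssh, smtp, http, ...) are untouched, so the input chain's default policy still governs them; the script only adds rules, it does not flush existing ones.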

