Adam Williams <[EMAIL PROTECTED]> writes:
[...]
>
> You don't need to do this if you use:
> # ipchains -A output -i $EXTERNAL_INTERFACE -s $IPADDR -j ACCEPT,
> which would allow any packets out of your machine. To allow the
> packets coming back from the remote machine port 25, you could do this:
>
> ipchains -A input -i $EXTERNAL_INTERFACE -p tcp ! -y \
> -s $ANYWHERE 25 --destination-port 25 -j ACCEPT
I was unclear as to how "!" worked but your post helped clarify it for
me. I see now that these rules work in pairs. One allows the
outbound packets ... the other allows the replies to it.
[...]
> >
> > So thinking I need to restart something I run:
> >
> > /etc/rc.d/init.d/inet restart
> > /etc/rc.d/init.d/network reload
> >
>
> Do you also restart the firewall?
>
No, in my case that would flush any rules that had been added at the
command line, and only start the rules in the firewall script, I think.
From firewall script:
# Remove all existing rules belonging to this filter
ipchains -F
# Set the default policy of the filter to deny.
ipchains -P input DENY
ipchains -P output REJECT
ipchains -P forward DENY
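
An added example, not part of the original message: a small Python model of stateless rule matching, showing why the `! -y` input rule passes replies coming from port 25 but not a new connection attempt, and what `ipchains -F` leaves behind. The class names and packets are constructed for illustration, and the model matches only on source port and the SYN test; the other matches in the quoted rule are left out.

```python
# Toy model of stateless ipchains-style matching (added example, not ipchains itself).
from dataclasses import dataclass
from typing import Optional

SYN, ACK, FIN = 0x02, 0x10, 0x01  # TCP flag bits

@dataclass(frozen=True)
class Packet:
    src_port: int
    dst_port: int
    flags: int

def is_syn(pkt):
    # ipchains -y: SYN set, ACK and FIN cleared (a connection-opening packet)
    return (pkt.flags & (SYN | ACK | FIN)) == SYN

@dataclass
class Rule:
    src_port: Optional[int]  # None = any source port
    syn: Optional[bool]      # True = -y, False = ! -y, None = not tested
    target: str

    def matches(self, pkt):
        port_ok = self.src_port is None or pkt.src_port == self.src_port
        syn_ok = self.syn is None or is_syn(pkt) == self.syn
        return port_ok and syn_ok

class Chain:
    def __init__(self, policy):
        self.policy, self.rules = policy, []

    def append(self, rule):   # ipchains -A
        self.rules.append(rule)

    def flush(self):          # ipchains -F: rules are removed, the policy stays
        self.rules.clear()

    def verdict(self, pkt):   # first matching rule wins, else the chain policy
        return next((r.target for r in self.rules if r.matches(pkt)), self.policy)

def build_input_chain():
    chain = Chain("DENY")                                        # -P input DENY
    chain.append(Rule(src_port=25, syn=False, target="ACCEPT"))  # -p tcp ! -y, source port 25
    return chain

# Constructed sample packets arriving on the external interface.
SYN_ACK_REPLY = Packet(25, 40001, SYN | ACK)  # remote server answering our SYN
DATA_REPLY = Packet(25, 40001, ACK)           # later packet of the same session
NEW_CONN_FROM_25 = Packet(25, 6000, SYN)      # inbound connection attempt
```
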