Hi,
Sudhakar Chandra typed:
> Please don't ask me to RTFM for this question. I am planning to do that
> when I have the time. Can someone give me step by step instructions on
> quickly setting up ip chains such that only localhost can connect to some
> port XYZ on my machine.
This is what I do:
/sbin/ipchains -A input -j REJECT -p tcp -i ppp+ --dport <port>
This is based on which interface the packet comes on (in this case
ppp*). If you want to do it based on IP, then change "-i ppp+" to
"-s ! 127.0.0.1".
Step by step:
  -A input   : input chain
  -j REJECT  : REJECT all packets - means sender is notified that
               the packet is dropped
  -p tcp     : all tcp packets
  -i ppp+    : interface ppp*
  --dport    : the destination port
<people - please don't tell me how bad my ipchains knowledge is or how
much better my rules could be - I did this just a week ago! ;-) >
And Thaths:
1) Get onto IRC for more details! ;-)
2) RTFM. *runs*
:-)
--
Mrinal Kalakrishnan <[EMAIL PROTECTED]> http://mrinal.dhs.org/
Linux 2.2.16 || PGP:B1E86F5B || Mutt 1.3.6i (2000-07-28) || VIM 5.6
--
"I would rather spend 10 hours reading someone else's source code than
10 minutes listening to Musak waiting for technical support which isn't."
(By Dr. Greg Wettstein, Roger Maris Cancer Center)
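
Added example, not part of the original message: a small Python model of first-match evaluation on the input chain, comparing the "-i ppp+" rule with the "-s ! 127.0.0.1" variant from the reply above. The port 8080, the interface names and the addresses in the sample packets are constructed, and the chain policy is assumed to be ACCEPT.

```python
# Model of ipchains first-match evaluation on the input chain (illustrative only).
PORT = 8080  # constructed stand-in for <port>

def iface_match(pattern, iface):
    """A trailing '+' matches every interface whose name starts with the prefix."""
    if pattern is None:
        return True
    if pattern.endswith("+"):
        return iface.startswith(pattern[:-1])
    return iface == pattern

def src_match(spec, src):
    """spec is None (any source), 'addr', or '! addr' (negated host match)."""
    if spec is None:
        return True
    negate = spec.startswith("!")
    addr = spec.lstrip("! ")
    return (src == addr) != negate

def verdict(rules, pkt, policy="ACCEPT"):
    """Return the target of the first matching rule, else the chain policy."""
    for r in rules:
        if (r["proto"] == pkt["proto"] and r["dport"] == pkt["dport"]
                and iface_match(r.get("iface"), pkt["iface"])
                and src_match(r.get("src"), pkt["src"])):
            return r["target"]
    return policy

# -A input -j REJECT -p tcp -i ppp+ --dport <port>
BY_IFACE = [{"proto": "tcp", "dport": PORT, "iface": "ppp+", "target": "REJECT"}]
# -A input -j REJECT -p tcp -s ! 127.0.0.1 --dport <port>
BY_SOURCE = [{"proto": "tcp", "dport": PORT, "src": "! 127.0.0.1", "target": "REJECT"}]

# Constructed sample packets: loopback, dial-up link, LAN card.
PACKETS = {
    "loopback": {"proto": "tcp", "dport": PORT, "iface": "lo", "src": "127.0.0.1"},
    "dialup": {"proto": "tcp", "dport": PORT, "iface": "ppp0", "src": "203.0.113.7"},
    "lan": {"proto": "tcp", "dport": PORT, "iface": "eth0", "src": "192.168.1.20"},
}

def compare():
    """Map each sample packet to its (interface-rule, source-rule) verdicts."""
    return {name: (verdict(BY_IFACE, p), verdict(BY_SOURCE, p))
            for name, p in PACKETS.items()}

if __name__ == "__main__":
    for name, (by_iface, by_source) in compare().items():
        print(f"{name:9} -i ppp+: {by_iface:7} -s ! 127.0.0.1: {by_source}")
```

The LAN packet shows where the two variants differ: the interface rule only covers ppp links, while the source rule rejects every sender other than 127.0.0.1.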