Hi,

Sudhakar Chandra typed:
> Please don't ask me to RTFM for this question.  I am planning to do that
> when I have the time.  Can someone give me step by step instructions on
> quickly setting up ip chains such that only localhost can connect to some
> port XYZ on my machine.

This is what I do:

/sbin/ipchains -A input -j REJECT -p tcp -i ppp+ --dport <port>

This is based on which interface the packet comes on (in this case
ppp*). If you want to do it based on IP, then change "-i ppp+" to
"-s ! 127.0.0.1".

Step by step:
        -A input : input chain
        -j REJECT: REJECT all packets - means sender is notified that
                the packet is dropped
        -p tcp   : all tcp packets
        -i ppp+  : interface ppp*
        --dport  : the destination port

<people - please don't tell me how bad my ipchains knowledge is or how
much better my rules could be - I did this just a week ago! ;-) >

And Thaths:
1) Get onto IRC for more details! ;-)
2) RTFM.  *runs*

:-)

-- 
Mrinal Kalakrishnan <[EMAIL PROTECTED]> http://mrinal.dhs.org/
Linux 2.2.16 || PGP:B1E86F5B || Mutt 1.3.6i (2000-07-28) || VIM 5.6 
-- 
"I would rather spend 10 hours reading someone else's source code than
10 minutes listening to Musak waiting for technical support which isn't."
(By Dr. Greg Wettstein, Roger Maris Cancer Center)

----------------------------------------------
LIH is all for free speech.  But it was created
for a purpose.  Violations of the rules of
this list will result in stern action.
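
The two rule variants from the message above, modelled as an added shell example (not part of the original e-mail; it only mirrors the match logic and never calls ipchains). It shows which packets each variant rejects. It assumes the input chain policy is ACCEPT and that no other rules exist; port 8080 and the sample packets are constructed.

```shell
#!/bin/sh
# Added example: models the match logic of the two ipchains rule variants.
# Assumption: input chain policy is ACCEPT and these are the only rules.
PORT=8080   # constructed stand-in for <port>

# Variant 1: ipchains -A input -j REJECT -p tcp -i ppp+ --dport <port>
# "ppp+" matches every interface whose name starts with "ppp".
rule_iface() {  # args: iface src proto dport
    [ "$3" = tcp ] && [ "$4" = "$PORT" ] || { echo ACCEPT; return; }
    case "$1" in
        ppp*) echo REJECT ;;
        *)    echo ACCEPT ;;   # rule does not match: chain policy applies
    esac
}

# Variant 2: ipchains -A input -j REJECT -p tcp -s ! 127.0.0.1 --dport <port>
rule_src() {    # args: iface src proto dport
    [ "$3" = tcp ] && [ "$4" = "$PORT" ] || { echo ACCEPT; return; }
    if [ "$2" != 127.0.0.1 ]; then echo REJECT; else echo ACCEPT; fi
}

# Run constructed sample packets (iface src proto dport) through both variants.
compare() {
    while read -r iface src proto dport; do
        printf '%-5s %-13s %s/%s  iface-rule=%s  src-rule=%s\n' \
            "$iface" "$src" "$proto" "$dport" \
            "$(rule_iface "$iface" "$src" "$proto" "$dport")" \
            "$(rule_src "$iface" "$src" "$proto" "$dport")"
    done <<EOF
lo    127.0.0.1     tcp $PORT
ppp0  203.0.113.7   tcp $PORT
eth0  192.168.1.20  tcp $PORT
ppp0  203.0.113.7   udp $PORT
EOF
}
compare
```

The eth0 row is the one to check: the interface-based variant leaves the port reachable from any non-PPP interface, and neither variant covers UDP on the same port.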