Hello World,
I am facing some problems with ipchains. I am going through the book
"Professional Linux Deployment" for ipchains.
According to the authors, ipchains are applied hierarchically, and so
your first policy should be DENY all.
Then you should allow services one by one.
BUT this does not seem to work. If you deny everything in the first place,
a packet is *not* matched against any further rules.
I tried to do something like this:
IPCHAINS=/sbin/ipchains
$IPCHAINS -N firewall
$IPCHAINS -A firewall -s 0.0.0.0/0 -j DENY -l
$IPCHAINS -A input -s 0.0.0.0/0 -j DENY -l
$IPCHAINS -A input -i eth0 -j firewall
$IPCHAINS -A firewall -i lo -j ACCEPT
$IPCHAINS -A firewall -p TCP -s 0.0.0.0/0 1024: -d 192.168.100.81 telnet -j ACCEPT
This is according to the book. It should enable telnet access to 192.168.100.81.
When I do ipchains -L -n, I get something like this:
Chain input (policy ACCEPT):
target     prot opt     source        destination      ports
DENY       all  ----l-  0.0.0.0/0     0.0.0.0/0        n/a
firewall   all  ------  0.0.0.0/0     0.0.0.0/0        n/a
Chain forward (policy ACCEPT):
Chain output (policy ACCEPT):
Chain firewall (1 references):
target     prot opt     source        destination      ports
DENY       all  ----l-  0.0.0.0/0     0.0.0.0/0        n/a
ACCEPT     all  ------  0.0.0.0/0     0.0.0.0/0        n/a
ACCEPT     tcp  ------  0.0.0.0/0     192.168.100.81   1024:65535 -> 23
The problem is, the first rule is DENY, and hence nothing works.
Can someone guide me through this?
Thanks in advance.
Peace.
Amarendra GODBOLE :-)
--
_\|/_
(o o)
-----------------------------------oOO-(_)-OOo-----
A computer scientist is someone who, when told to
'Go to Hell', sees the 'go to', rather than the
destination, as harmful. http://amar.gnu-linux.net
---------------------------------------------------
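The behaviour the post runs into is ipchains' first-match evaluation: rules in a chain are tried top to bottom and the first one that matches decides, so a catch-all DENY rule only acts as a safety net when it sits after the ACCEPT rules it is meant to guard (or when DENY is set as the built-in chain's policy with -P instead of being a rule). The following is an added illustration, not the poster's script or anything from the book: a small Python model of that evaluation, with the poster's rules entered once in the posted order and once reordered, and constructed packets to show the difference. It assumes a simplified match on protocol, addresses, ports and interface, and ignores logging.

```python
from ipaddress import ip_address, ip_network
# Constructed model of ipchains first-match evaluation (added illustration,
# not the poster's script). A rule field of None means "match anything".
def rule(target, proto=None, src="0.0.0.0/0", dst="0.0.0.0/0",
         sport=None, dport=None, iface=None):
    return dict(target=target, proto=proto, src=ip_network(src),
                dst=ip_network(dst), sport=sport, dport=dport, iface=iface)

def matches(r, p):
    return ((r["proto"] is None or r["proto"] == p["proto"])
            and ip_address(p["src"]) in r["src"]
            and ip_address(p["dst"]) in r["dst"]
            and (r["sport"] is None or r["sport"][0] <= p["sport"] <= r["sport"][1])
            and (r["dport"] is None or r["dport"] == p["dport"])
            and (r["iface"] is None or r["iface"] == p["iface"]))

VERDICTS = {"ACCEPT", "DENY", "REJECT"}
def walk(chains, policies, p, chain="input"):
    """First matching rule decides. A user chain that runs off its end
    returns to the caller, which continues; a built-in chain applies its policy."""
    for r in chains[chain]:
        if not matches(r, p):
            continue
        if r["target"] in VERDICTS:
            return r["target"]
        verdict = walk(chains, policies, p, r["target"])  # -j <user chain>
        if verdict is not None:
            return verdict
    return policies.get(chain)  # None for a user chain: fall back to caller

TELNET = rule("ACCEPT", "tcp", dst="192.168.100.81/32", sport=(1024, 65535), dport=23)
LO, DENY_ALL = rule("ACCEPT", iface="lo"), rule("DENY")
POLICIES = {"input": "ACCEPT"}  # matches the 'policy ACCEPT' in the listing

# Same rules as the post: DENY all heads both chains, so the ACCEPTs are dead.
AS_POSTED = {"input": [DENY_ALL, rule("firewall", iface="eth0")],
             "firewall": [DENY_ALL, LO, TELNET]}
# Reordered: specific ACCEPTs first, the catch-all DENY last.
REORDERED = {"input": [rule("firewall", iface="eth0"), DENY_ALL],
             "firewall": [LO, TELNET, DENY_ALL]}

# Constructed packets: a telnet connection and an ssh attempt, both on eth0.
TELNET_IN = dict(proto="tcp", src="10.0.0.5", dst="192.168.100.81",
                 sport=40000, dport=23, iface="eth0")
SSH_IN = dict(TELNET_IN, dport=22)

if __name__ == "__main__":
    for name, chains in (("as posted", AS_POSTED), ("reordered", REORDERED)):
        print(name, walk(chains, POLICIES, TELNET_IN), walk(chains, POLICIES, SSH_IN))
```

Running it prints DENY for both packets in the posted order and ACCEPT/DENY in the reordered one, which is the behaviour the listing above shows from the kernel's side.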
----------------------------------------------
Find out more about this and other Linux India
mailing lists at http://lists.linux-india.org/