On 04/04/02 18:29 +0530, Prasanth George wrote:
> Hi friends,
> Can anyone please tell me how can I block all the external requests coming
> to my machine hosted in the internet using Ipchains. (I am using Kernel 2.2
> series and not yet updated to 2.4 series)

You want to deny all incoming requests.

For TCP:
This is a connection oriented protocol, which uses a three way handshake to
establish a connection. The beginning of the connection is marked by a packet
which has the SYN bit set. Hence, to deny all incoming connections, you DENY
everything that has the SYN bit set.

The rule for this is:

# -y is only valid together with -p tcp
/sbin/ipchains -A input -s 0.0.0.0/0 -d $MY_EXT_IP -i eth0 -p tcp -y -j DENY

However, you will find that this makes your mail delivery a little slower :).
A better ruleset is:

#Set the policy
/sbin/ipchains -P input DENY

#Accept return traffic
/sbin/ipchains -A input -s 0.0.0.0/0 -d $MY_EXT_IP -i eth0 -p tcp ! -y -j \
  ACCEPT

#Reject connections for auth (ident) so the mail transfer does not
#suffer
/sbin/ipchains -A input -s 0.0.0.0/0 -d $MY_EXT_IP -p tcp --dport 113 -i eth0 \
  -j REJECT

#Deny and log all incoming requests.
/sbin/ipchains -A input -s 0.0.0.0/0 -d $MY_EXT_IP -i eth0 -p tcp -y -j DENY -l

For UDP:
This is a connectionless protocol. So you cannot filter on flags in the
headers. However, this is rarely used by many protocols. Chief amongst the
protocols using this are:
DNS
DHCP

So you have to allow udp connects from your nameserver port 53, and if you
get an address from DHCP, from port 67 of the DHCP server.

Suggested reading material:
TCP/IP Illustrated: W. Richard Stevens, Volume 1.

Devdas Bhagat

_______________________________________________
linux-india-help mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/linux-india-help

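The following is an added example, not code from the post or from ipchains itself: a small Python model of the "input" chain described above (first matching rule wins, otherwise the chain policy applies), evaluated against minimal IPv4 + TCP/UDP headers built with struct so that the SYN test is done on real header bits. The "-y" semantics (SYN set, ACK and FIN clear) follow the ipchains man page. The addresses 192.0.2.10, 192.0.2.53 and 203.0.113.5 are constructed placeholders, and the UDP rule for the nameserver is an assumed rule mirroring what the prose recommends rather than a rule the post spells out.

```python
import struct

MY_EXT_IP = "192.0.2.10"   # constructed placeholder for $MY_EXT_IP
NAMESERVER = "192.0.2.53"  # constructed placeholder resolver address

TCP, UDP = 6, 17


def ip_bytes(dotted):
    """Dotted-quad string to 4 raw bytes."""
    return bytes(int(x) for x in dotted.split("."))


def build_packet(proto, src, dst, sport, dport, tcp_flags=0):
    """Constructed IPv4 packet with a bare TCP or UDP header (no checksums)."""
    l4_len = 20 if proto == TCP else 8
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + l4_len, 0, 0, 64,
                     proto, 0, ip_bytes(src), ip_bytes(dst))
    if proto == TCP:
        # seq, ack, data offset 5 words, flags, window, checksum, urgent
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4,
                         tcp_flags, 8192, 0, 0)
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8, 0)
    return ip + l4


def parse_packet(raw):
    """Extract the fields ipchains matches on: proto, addresses, ports, SYN."""
    ihl = (raw[0] & 0x0F) * 4
    proto = raw[9]
    pkt = {
        "proto": proto,
        "src": ".".join(str(b) for b in raw[12:16]),
        "dst": ".".join(str(b) for b in raw[16:20]),
        "sport": None, "dport": None, "syn": False,
    }
    if proto in (TCP, UDP):
        pkt["sport"], pkt["dport"] = struct.unpack("!HH", raw[ihl:ihl + 4])
    if proto == TCP:
        flags = raw[ihl + 13]
        # ipchains -y: SYN set, ACK and FIN clear (a SYN/ACK reply is not "-y")
        pkt["syn"] = bool(flags & 0x02) and not (flags & 0x10) and not (flags & 0x01)
    return pkt


def rule(target, proto=None, src=None, dst=None, sport=None, dport=None,
         syn=None, log=False):
    """One chain entry: a predicate over parsed fields plus its target."""
    def matches(p):
        return all([
            proto is None or p["proto"] == proto,
            src is None or p["src"] == src,
            dst is None or p["dst"] == dst,
            sport is None or p["sport"] == sport,
            dport is None or p["dport"] == dport,
            syn is None or p["syn"] == syn,
        ])
    return matches, target, log


# Mirrors the posted ruleset, in order, plus the nameserver allow the prose asks for.
INPUT_CHAIN = [
    rule("ACCEPT", proto=TCP, dst=MY_EXT_IP, syn=False),             # -p tcp ! -y
    rule("REJECT", proto=TCP, dst=MY_EXT_IP, dport=113),             # ident
    rule("ACCEPT", proto=UDP, dst=MY_EXT_IP, src=NAMESERVER, sport=53),  # assumed
    rule("DENY", proto=TCP, dst=MY_EXT_IP, syn=True, log=True),      # -y -j DENY -l
]
POLICY = "DENY"  # /sbin/ipchains -P input DENY


def filter_packet(raw, chain=INPUT_CHAIN, policy=POLICY):
    """First matching rule decides; fall through to the chain policy."""
    p = parse_packet(raw)
    for matches, target, _log in chain:
        if matches(p):
            return target
    return policy


if __name__ == "__main__":
    syn_to_smtp = build_packet(TCP, "203.0.113.5", MY_EXT_IP, 40000, 25, 0x02)
    print("SYN to port 25 ->", filter_packet(syn_to_smtp))  # DENY
```

Running the model over a handful of constructed packets shows the point of the ruleset: a bare SYN to port 25 is denied and logged, a pure ACK or a SYN/ACK belonging to a connection the host opened is accepted, a SYN to the ident port is rejected (so the remote MTA gets an immediate answer instead of a timeout), and a UDP reply is only accepted from the configured nameserver; any other UDP source falls through to the DENY policy.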