/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! /* ALSO: Don't quote this header. It makes you look lame :-) */ hello together, | | | eth0 +-------------------+ | | | packetfilter | | ipchains | +-------------------+ | eth1 | server1 server1: ftp, http, mail is it enough to say: # flush all commands ipchains -F input # by default, deny input chains ipchains -P input DENY # allow tcp everything when no SYN ipchains -A input -p tcp -d $server1 ! -y -j ACCEPT # allow tcp SYN only to our services ipchains -A input -p tcp -y -d $server1 ftp -j ACCEPT ipchains -A input -p tcp -y -d $server1 smtp -j ACCEPT ipchains -A input -p tcp -y -d $server1 http -j ACCEPT these are only the input rules, but i wanted to know, whether this is secure, since i allow everything except SYN... many thanks jan _______________________________________________ Masq maillist - [EMAIL PROTECTED] Admin requests can be handled at http://www.indyramp.com/masq-list/ -- THIS INCLUDES UNSUBSCRIBING! or email to [EMAIL PROTECTED] PLEASE read the HOWTO and search the archives before posting. You can start your search at http://www.indyramp.com/masq/ Please keep general linux/unix/pc/internet questions off the list.
