Larry Lamb stated the following:
>
> You need to add a -i eth0 or whatever your external interface is to block
> only the Internet interface.

I wasn't entirely descriptive. The following services are what I want
to deny to the internet and any other services that make the server
vulnerable.

ipchains -A input -l -p tcp -s ${ALLADDR} -d ${EXTNET} 111 -j DENY
ipchains -A input -l -p udp -s ${ALLADDR} -d ${EXTNET} 111 -j DENY
ipchains -A input -l -p tcp -s ${ALLADDR} -d ${EXTNET} 369 -j DENY
ipchains -A input -l -p udp -s ${ALLADDR} -d ${EXTNET} 369 -j DENY
ipchains -A input -l -p tcp -s ${ALLADDR} -d ${EXTNET} 23 -j DENY
ipchains -A input -l -p tcp -s ${ALLADDR} -d ${EXTNET} 107 -j DENY
ipchains -A input -l -p udp -s ${ALLADDR} -d ${EXTNET} 107 -j DENY
ipchains -A input -l -p tcp -s ${ALLADDR} -d ${EXTNET} 20 -j DENY
ipchains -A input -l -p tcp -s ${ALLADDR} -d ${EXTNET} 21 -j DENY
ipchains -A input -l -p udp -s ${ALLADDR} -d ${EXTNET} 69 -j DENY
ipchains -A input -l -p tcp -s ${ALLADDR} -d ${EXTNET} 115 -j DENY
ipchains -A input -l -p tcp -s ${ALLADDR} -d ${EXTNET} 2003 -j DENY
ipchains -A input -l -p udp -s ${ALLADDR} -d ${EXTNET} 513 -j DENY
ipchains -A input -l -p tcp -s ${ALLADDR} -d ${EXTNET} 70 -j DENY
ipchains -A input -l -p udp -s ${ALLADDR} -d ${EXTNET} 70 -j DENY
ipchains -A input -l -p tcp -s ${ALLADDR} -d ${EXTNET} 15 -j DENY
ipchains -A input -l -p tcp -s ${ALLADDR} -d ${EXTNET} 11 -j DENY
ipchains -A input -l -p tcp -s ${ALLADDR} -d ${EXTNET} 79 -j DENY

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf
>
> If I'm denying access to those from the internet and allowing access
> to those within the zone/internal network, which one is the internet
> and which one is the zone?
>
> ipchains -A input -l -p tcp -s (111) -d (222) 369 -j DENY

Note: When you reply to this message, please include the mailing
list and my email address.

*********************************************************************
Signed,
SoloCDM
