Carl Engstrom wrote:
> I'm sorry to ask this simple question, but I'm wondering if someone can give
> me the simple IPCHAINS rule that would open up a hole in my IPCHAINS firewall
> to allow traffic on certain port.
>
> Basically, I just need to:
>
> 1) Open up port 7001 and 7003-7005 for UDP and TCP traffic to and from my
> firewall server, from everywhere inside and out. I know I SHOULD be port
> forwarding but I am NOT. My apps are running on my firewall server.
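ipchains -A input -p tcp --dport 7001 -j ACCEPT
ipchains -A input -p udp --dport 7001 -j ACCEPT
ipchains -A input -p tcp --dport 7003:7005 -j ACCEPT
ipchains -A input -p udp --dport 7003:7005 -j ACCEPT
ipchains -A output -p tcp --dport 7001 -j ACCEPT
ipchains -A output -p udp --dport 7001 -j ACCEPT
ipchains -A output -p tcp --dport 7003:7005 -j ACCEPT
ipchains -A output -p udp --dport 7003:7005 -j ACCEPT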
> 2) I would also like a handy firewall opener that I could use to manually
> bring down the firewall when I need to...something that would basically flush
> all of the old rule and start masquerading without stopping any traffic.
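#!/bin/sh
extif=eth0     # example value; set to your external interface
ipchains -F    # flush the rules in every chain first
ipchains -X    # then delete the (now empty) user-defined chains
ipchains -P input ACCEPT
ipchains -P output ACCEPT
ipchains -P forward DENY
ipchains -A forward -i $extif -j MASQ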
where $extif = your external interface device name
this may or may not break existing connections (probably not)
but it's the closest you'll get to what you want. if your normal
firewall script is masquerading and that is the only thing that
happens on the forward chain, you might get away with this instead.
#!/bin/sh
ipchains -F input
ipchains -F output
raf
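
The "opener" above leaves no way back to the normal rule set. The following is an added example, not part of raf's reply: it snapshots the live rules with ipchains-save before opening up and puts them back with ipchains-restore. EXTIF, STATE, DRY_RUN and the function names are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not from the thread. EXTIF, STATE, DRY_RUN and the
# function names are assumptions made for this sketch.
EXTIF=${EXTIF:-eth0}                     # external interface (assumed)
STATE=${STATE:-/var/run/ipchains.saved}  # snapshot of the real rule set
DRY_RUN=${DRY_RUN:-0}                    # 1 = print commands, change nothing

run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

fw_open() {
    # Refuse to overwrite an earlier snapshot: a second "open" would
    # save the already-open rules and lose the real firewall.
    if [ -e "$STATE" ]; then
        echo "already open: $STATE exists" >&2
        return 1
    fi
    if [ "$DRY_RUN" = 1 ]; then
        echo "ipchains-save > $STATE"
    else
        (umask 077; ipchains-save > "$STATE") || return 1
    fi
    # Policies first, so nothing is dropped while the rules disappear.
    run ipchains -P input ACCEPT
    run ipchains -P output ACCEPT
    run ipchains -P forward DENY
    run ipchains -F                      # flush every chain
    run ipchains -X                      # delete empty user-defined chains
    run ipchains -A forward -i "$EXTIF" -j MASQ
}

fw_close() {
    [ -e "$STATE" ] || { echo "nothing to restore: $STATE missing" >&2; return 1; }
    run ipchains -F
    run ipchains -X
    if [ "$DRY_RUN" = 1 ]; then
        echo "ipchains-restore < $STATE"
    else
        # Remove the snapshot only once the saved rules are loaded again.
        ipchains-restore < "$STATE" && rm -f "$STATE"
    fi
}

case "${1:-}" in
    open)  fw_open ;;
    close) fw_close ;;
esac
```

Run it with DRY_RUN=1 first to see the exact command sequence before letting it touch the live chains.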