I've checked the archives and can't seem to get the correct sequence/syntax for these rules.

Problem: I have a lot of unwanted users trying to log in to port 21. I'd like to block those users and allow only ones from several specified hosts/IPs. I realize that I could do it from the ftpaccess file, but would rather use firewall rules.

Would these lines be okay, in the following order? This is not my complete firewall ruleset.

# Rule to allow all external traffic in
/sbin/ipchains -A input -i $extint -s 0.0.0.0/0 -d $extip/32 -j ACCEPT

# Added to allow certain hosts access to port 21 only
/sbin/ipchains -A input -p tcp -j ACCEPT -s micro$oft.com -d $extip/32 21
/sbin/ipchains -A input -p tcp -j ACCEPT -s dell.com -d $extip/32 21
/sbin/ipchains -A input -p tcp -j ACCEPT -s test.com -d $extip/32 21

# Deny rest of traffic on port 21
ipchains -A input -p tcp -j DENY -s $extip/32 -d 0.0.0.0/0 21

Any help would be appreciated.

UNI

_______________________________________________
Masq maillist - [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/ -- THIS INCLUDES UNSUBSCRIBING!
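An added example, not part of the original post: ipchains acts on the first rule that matches a packet, so an allow list for port 21 only takes effect if it sits ahead of the DENY, and both sit ahead of any accept-everything rule. The sketch below emits the rules in that order for the FTP control channel only; the function name ftp_rules, the interface eth0 and all addresses (RFC 5737 documentation ranges) are assumptions, and it echoes the commands instead of running them unless IPCHAINS is overridden.

```shell
#!/bin/sh
# Added example: restrict inbound FTP control connections (tcp/21) with ipchains.
# ipchains uses the first matching rule, so the order below matters:
#   allow list -> DENY for port 21 -> existing catch-all ACCEPT.
# All addresses are constructed placeholders (RFC 5737 documentation ranges).

# Dry run by default: commands are printed. Set IPCHAINS=/sbin/ipchains to apply.
IPCHAINS="${IPCHAINS:-echo /sbin/ipchains}"

# ftp_rules EXTINT EXTIP ALLOWED_SRC...   (hypothetical helper name)
ftp_rules() {
    extint=$1; extip=$2; shift 2

    # 1. Allowed sources first. Numeric addresses avoid a DNS lookup when the
    #    rules are loaded and do not go stale if a hostname later changes.
    for src in "$@"; do
        $IPCHAINS -A input -i "$extint" -p tcp -s "$src" -d "$extip/32" 21 -j ACCEPT
    done

    # 2. Everyone else reaching port 21. Source is "anywhere" and the
    #    destination is the external IP; -l logs the denied packets.
    $IPCHAINS -A input -i "$extint" -p tcp -s 0.0.0.0/0 -d "$extip/32" 21 -l -j DENY

    # 3. The catch-all goes last, so it only sees traffic that the port 21
    #    rules above did not already decide.
    $IPCHAINS -A input -i "$extint" -s 0.0.0.0/0 -d "$extip/32" -j ACCEPT
}

ftp_rules eth0 203.0.113.5 192.0.2.10/32 198.51.100.0/24
```

After loading, `ipchains -L input -n` lists the chain in evaluation order, which is the quickest way to confirm the DENY is not shadowed by an earlier ACCEPT.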
