Hello all,
I have problems with my rules about access to HTTP.
The problem is that I have Linux Red Hat 5.0 with ipmasque on it.
Everything works, but people can access my system over HTTP and I do not
want this.
How can I close the system so that I can access HTTP from the local network but not
from the Internet?
Here are my rules and other stuff. Please help me.
host.deny = all: all
host.allow = all: local
Ipfwadm script.
> # testing firewall stuff and masquerade
> echo "loading firewall rules"
> echo "loading firewall rules" >>/var/log/messages
> #
> # Flush all commands
> ipfwadm -F -f
> ipfwadm -I -f
> ipfwadm -O -f
> # By default deny all services
> ipfwadm -F -p deny
> ipfwadm -I -p deny
> ipfwadm -O -p deny
> # rules to allow
> #
> # Rules about Incoming stuff
> ipfwadm -I -a deny -V 194.109.102.130 -S 193.1.0.0/24 -D 0.0.0.0/0 -o
> ipfwadm -I -a accept -V 193.1.0.100 -S 193.1.0.0/24 -D 0.0.0.0/0
> ipfwadm -I -a accept -V 193.1.0.1 -S 193.1.0.0/24 -D 0.0.0.0/0
> ipfwadm -I -a accept -V 193.1.0.2 -S 193.1.0.0/24 -D 0.0.0.0/0
> ipfwadm -I -a accept -V 127.0.0.1 -S 0.0.0.0/0 -D 0.0.0.0/0
> ipfwadm -I -a accept -V 194.109.102.130 -S 0.0.0.0/0 -D 194.109.102.130/32
> # Rules about Outgoing stuff
> ipfwadm -O -a deny -V 194.109.102.130 -S 0.0.0.0/0 -D 193.1.0.0/24 -o
> ipfwadm -O -a deny -V 194.109.102.130 -S 193.1.0.0/23 -D 0.0.0.0/0
> ipfwadm -O -a accept -V 193.1.0.100 -S 0.0.0.0/0 -D 193.1.0.0/24
> ipfwadm -O -a accept -V 193.1.0.1 -S 0.0.0.0/0 -D 193.1.0.0/24
> ipfwadm -O -a accept -V 127.0.0.1 -S 0.0.0.0/0 -D 0.0.0.0/0
> ipfwadm -O -a accept -V 194.109.102.130 -S 194.109.102.130/32 -D 0.0.0.0/0
> # Rules about Forwarding stuff
> ipfwadm -F -a accept -m -S 193.1.0.1 -D 0.0.0.0/0
> ipfwadm -F -a accept -m -S 193.1.0.2 -D 0.0.0.0/0
> # logging option on the policy
> ipfwadm -F -a deny -S 0.0.0.0/0 -D 0.0.0.0/0 -o
> ipfwadm -I -a deny -S 0.0.0.0/0 -D 0.0.0.0/0 -o
> ipfwadm -O -a deny -S 0.0.0.0/0 -D 0.0.0.0/0 -o
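
An added example, not part of the original post: a small Python model of the input chain above, assuming ipfwadm applies the first matching rule and that `-V` matches the address of the receiving interface. It shows which rule accepts Internet HTTP to 194.109.102.130 and what a deny rule for TCP port 80 on that interface would change; the sample packets and the `HTTP_DENY` rule are constructed for illustration.

```python
import ipaddress

ANY = "0.0.0.0/0"
EXT = "194.109.102.130"   # external interface address, from the script
# Input-chain rules from the script, in order:
# (action, -V interface address, -S source, -D destination, protocol, dest port)
INPUT = [
    ("deny",   EXT,           "193.1.0.0/24", ANY, None, None),  # spoofed LAN source
    ("accept", "193.1.0.100", "193.1.0.0/24", ANY, None, None),
    ("accept", "193.1.0.1",   "193.1.0.0/24", ANY, None, None),
    ("accept", "193.1.0.2",   "193.1.0.0/24", ANY, None, None),
    ("accept", "127.0.0.1",   ANY,            ANY, None, None),
    ("accept", EXT,           ANY,            EXT + "/32", None, None),
    ("deny",   None,          ANY,            ANY, None, None),  # logged catch-all
]

# Assumed fix (not from the post): refuse TCP port 80 arriving on the external
# interface. Corresponding ipfwadm form, inserted at the head of the chain:
#   ipfwadm -I -i deny -P tcp -V 194.109.102.130 -S 0.0.0.0/0 -D 194.109.102.130/32 80 -o
HTTP_DENY = ("deny", EXT, ANY, EXT + "/32", "tcp", 80)
HARDENED = [HTTP_DENY] + INPUT

def matches(rule, pkt):
    """True when every field the rule specifies agrees with the packet."""
    _, iface, src, dst, proto, dport = rule
    return ((iface is None or iface == pkt["iface"])
            and ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(src)
            and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(dst)
            and (proto is None or proto == pkt["proto"])
            and (dport is None or dport == pkt["dport"]))

def verdict(rules, pkt, policy="deny"):
    """Return (action, 1-based rule number) of the first match, else the policy."""
    for number, rule in enumerate(rules, 1):
        if matches(rule, pkt):
            return rule[0], number
    return policy, 0

# Constructed sample packets (203.0.113.7 is a documentation address).
INTERNET_HTTP = dict(iface=EXT, src="203.0.113.7", dst=EXT, proto="tcp", dport=80)
LAN_HTTP = dict(iface="193.1.0.100", src="193.1.0.1", dst="193.1.0.100",
                proto="tcp", dport=80)
MASQ_REPLY = dict(iface=EXT, src="203.0.113.7", dst=EXT, proto="tcp", dport=61000)

if __name__ == "__main__":
    for name, pkt in [("internet http", INTERNET_HTTP), ("lan http", LAN_HTTP),
                      ("masq reply", MASQ_REPLY)]:
        print(name, "original:", verdict(INPUT, pkt), "hardened:", verdict(HARDENED, pkt))
```

In the original chain the sixth input rule accepts everything addressed to the external interface, which includes port 80; with the port-specific deny ahead of it, LAN clients and masqueraded return traffic are still accepted.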