Fri, 2002-06-14 at 10:58, Oskar Andreasson wrote:
> Sorry to say, but I am simply too swamped to even read through this.
> CC [EMAIL PROTECTED] since he is not on the list.

>> I appreciated your iptables tutorial.

Using Oskar's rc.firewall and rulesets as a guide:

From the Internet: INPUT -> tcp_packets -> allowed

Your rules are:

#
# TCP rules
#
$IPTABLES -A tcp_packets -p TCP -s 0/0 -j LOG --log-prefix "IPT tcp_packets :"
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 22 -j allowed
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 25 -j allowed
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 80 -j allowed
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 113 -j allowed
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 1810 -j allowed

But you say: "I wish to allow ports 80, 8888, 8080, ssh, dcc from outside",

So, allow them then. You've already loaded ip_conntrack, so more shouldn't be necessary.

Further, you say: "(I wish to allow) almost anything coming IN from 192.168.1.2-10"

You don't allow -m state --state NEW packets out from your LAN (you allow established etc. packets back in, but you don't allow new connections out).

Oskar writes:

$IPTABLES -A INPUT -p ALL -i $LAN_IFACE -s $LAN_IP_RANGE -j ACCEPT

I.e., accept new connections out.

This is just to be getting on with.

Best,

Tony

--
Tony Earnshaw
e-post: [EMAIL PROTECTED]
www: http://www.billy.demon.nl
gpg public key: http://www.billy.demon.nl/tonni.armor
Telefoon: (+31) (0)172 530428
Mobiel: (+31) (0)6 51153356
GPG Fingerprint = 3924 6BF8 A755 DE1A 4AD6 FA2B F7D7 6051 3BE7 B981
3BE7B981
signature.asc
Description: This is a digitally signed message part
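
An added example, not part of the original message: a small shell audit that parses the tcp_packets rules quoted above and lists which wanted ports are still closed and which open ports were never asked for. The function names are hypothetical, `ssh` is taken as port 22, and `dcc` is left out of the wanted list on the assumption that it has no single fixed port.

```shell
#!/bin/sh
# Constructed sample input: the tcp_packets rules as quoted in the message.
# Single quotes keep $IPTABLES literal, exactly as it appears in the script.
RULES='$IPTABLES -A tcp_packets -p TCP -s 0/0 -j LOG --log-prefix "IPT tcp_packets :"
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 22 -j allowed
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 25 -j allowed
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 80 -j allowed
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 113 -j allowed
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 1810 -j allowed'

# Print the --dport values that chain $1 hands to the "allowed" target,
# one per line, numerically sorted. LOG rules and rules without a port
# are skipped.
allowed_ports() {
    printf '%s\n' "$RULES" | awk -v chain="$1" '
        {
            in_chain = 0; port = ""; target = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-A" && $(i + 1) == chain) in_chain = 1
                if ($i == "--dport") port = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (in_chain && target == "allowed" && port != "") print port
        }' | sort -n
}

# Usage: missing_ports CHAIN PORT...
# Print each wanted PORT that the chain does not open.
missing_ports() {
    chain=$1; shift
    opened=$(allowed_ports "$chain")
    for p in "$@"; do
        printf '%s\n' "$opened" | grep -qx "$p" || printf '%s\n' "$p"
    done
}

# Usage: unexpected_ports CHAIN PORT...
# Print each port the chain opens that is not in the wanted list.
unexpected_ports() {
    chain=$1; shift
    for p in $(allowed_ports "$chain"); do
        case " $* " in
            *" $p "*) ;;
            *) printf '%s\n' "$p" ;;
        esac
    done
}

# Wanted from outside: 80, 8888, 8080 and ssh (22).
missing_ports tcp_packets 80 8888 8080 22
```

Run against a real script by replacing the `RULES` sample with the file's contents, for example `RULES=$(cat rc.firewall)`.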
