Victor Michael Blancas wrote:

> --- Ina Patricia Lopez <[EMAIL PROTECTED]> wrote:
> > hi!
> >    been trying to block all packets going into my
> > web server except
> > http and dns traffic, but my code seems to be
> > blocking them all.
> >
> > /sbin/ipchains -A input -s 0.0.0.0/0 -d x.x.x.2 -p
> > 80 -j ACCEPT
> > /sbin/ipchains -A input -s 0.0.0.0/0 -d x.x.x.2 -p
> > 53 -j ACCEPT
> > /sbin/ipchains -A input -s 0.0.0.0/0 -j DENY
> >
> > where:
> >      x.x.x.1  is my linux firewall
> >      x.x.x.2  is my webserver
> >
> > is my code correct?

wrong simply because you didn't specify what protocol it is going to use.

> yup, your code is correct, but you have to rearrange it.
> you must DENY first then ACCEPT.
> your last command should be the first.

if you deny all as the first line, the firewall rules stop there; everything that follows that
line is not going to be evaluated.

the proper code for ipchains for your needs:

/sbin/ipchains -A input -p tcp -s 0.0.0.0/0 -d x.x.x.2 80 -j ACCEPT
/sbin/ipchains -A input -p tcp -s 0.0.0.0/0 -d x.x.x.2 53 -j ACCEPT
/sbin/ipchains -A input -p udp -s 0.0.0.0/0 -d x.x.x.2 53 -j ACCEPT
/sbin/ipchains -A input -s 0.0.0.0/0 -j DENY

fooler.
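
Added example, not part of the original messages: a small model of first-match rule evaluation applied to the three rule sets discussed in this thread. It assumes every sample packet is addressed to x.x.x.2, that a bare "-p 80" selects IP protocol number 80 rather than a port, and that the chain policy is ACCEPT; the packets and rule tuples are constructed for illustration.

```python
# Added illustration: minimal model of ipchains-style first-match evaluation.
# Rule tuples and packets are constructed samples, not captured traffic.
TCP, UDP = 6, 17  # IP protocol numbers

# Rule = (protocol or None for any, destination port or None for any, target)
ASKER_RULES = [        # "-p 80" / "-p 53" name IP protocols, not ports
    (80, None, "ACCEPT"),
    (53, None, "ACCEPT"),
    (None, None, "DENY"),
]
DENY_FIRST_RULES = [   # the "DENY first, then ACCEPT" ordering
    (None, None, "DENY"),
    (TCP, 80, "ACCEPT"),
    (TCP, 53, "ACCEPT"),
    (UDP, 53, "ACCEPT"),
]
CORRECTED_RULES = [    # protocol named, port after the address, DENY last
    (TCP, 80, "ACCEPT"),
    (TCP, 53, "ACCEPT"),
    (UDP, 53, "ACCEPT"),
    (None, None, "DENY"),
]

# Constructed sample packets: name -> (protocol, destination port)
PACKETS = {"http": (TCP, 80), "dns-udp": (UDP, 53),
           "dns-tcp": (TCP, 53), "ssh": (TCP, 22)}

def evaluate(rules, proto, dport, policy="ACCEPT"):
    """Return the target of the first matching rule, else the chain policy."""
    for rule_proto, rule_port, target in rules:
        if rule_proto is not None and rule_proto != proto:
            continue
        if rule_port is not None and rule_port != dport:
            continue
        return target  # first match wins; later rules are never consulted
    return policy

def verdicts(rules):
    """Evaluate every sample packet against one rule set."""
    return {name: evaluate(rules, proto, dport)
            for name, (proto, dport) in PACKETS.items()}

if __name__ == "__main__":
    for label, rules in [("asker", ASKER_RULES),
                         ("deny-first", DENY_FIRST_RULES),
                         ("corrected", CORRECTED_RULES)]:
        print(label, verdicts(rules))
```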

Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph