Hi all!

I'm fiddling with ipchains for the first time and it's cool!

The problem is that now I can't surf the web or ping any other servers. I
guess it's because I set it up to only let packets in from certain servers.
How does one set up ipchains so I can surf and pong?

Here's what I've got in my script. Addresses and interface names have been
changed to "protect the innocent". Any help would be greatly appreciated.
I miss surfing already...

Thanks! God bless!
--------------------------------------------------------------------------

#!/bin/bash
#
# This is an ipchains configuration script. It does the
# following:
#
# 1. Flushes old rulesets 
# 2. Set default policies
# 3. Allow local interfaces (loopback and eth0)
# 4. Deny address block we should never see including the local address
#    block (192.168.1.0-24)
# 5. Allow some inbound services
# 6. Allow DNS query responses
# 7. Deny all other packets and log them
#
#
# Flush old rulesets
#
ipchains -F input
ipchains -F output
ipchains -F forward 
#
#
# Set default policies
#
ipchains -P input DENY
ipchains -P output ACCEPT
ipchains -P forward ACCEPT
#
#
# Allow local interface
#
ipchains -A input -i lo -j ACCEPT
#
#
# Deny address blocks we should never see including our local address
# block and log them
#
ipchains -A input -i <interfacex> -s 10.0.0.0/8 -j DENY -l
ipchains -A input -i <interfacex> -s 172.16.0.0/12 -j DENY -l
ipchains -A input -i <interfacex> -s 192.168.1.0/24 -j DENY -l
# 
#
# Allow incoming mail from ISP's mailserver and POP3 response
#
ipchains -A input -i <interfacex> -p tcp -s xxx.xxx.xxx.xxx -j ACCEPT
ipchains -A input -i <interfacex> -p tcp -s xxx.xxx.xxx.xxx --sport 110 -j ACCEPT
#
#
# Allow DNS query responses from DNS
#
ipchains -A input -i <interfacex> -p udp -s xxx.xxx.xxx.xxx 53 -j ACCEPT
ipchains -A input -i <interfacex> -p tcp -s xxx.xxx.xxx.xxx 53 -j ACCEPT
ipchains -A input -i <interfacex> -p udp -s xxx.xxx.xxx.xxx 53 -j ACCEPT
ipchains -A input -i <interfacex> -p tcp -s xxx.xxx.xxx.xxx 53 -j ACCEPT
# 
#
# Deny all other packets and log them
#
ipchains -A input -j DENY -l
# 
# End of script


-- [Manny Amador] ----------------------------- [[EMAIL PROTECTED]] --
   Member: Philippine League for Democratic Telecommunications, Inc.
                       "Affordable Access for All!"
-- [Distributed Development Network (DDN)] ------- [www.distdev.com] --
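
An added example, not part of the original post: ipchains filters statelessly, so with the input policy set to DENY the replies to outbound web and ping traffic are dropped unless rules admit them. The sketch below prints (or, with IPCHAINS=ipchains, applies) such rules; the interface name eth9 and the helper name allow_replies are placeholders, and the rules have to be added before the script's final catch-all DENY rule.

```shell
#!/bin/bash
# Added example (not from the original post): return-traffic rules for a
# stateless ipchains input chain whose default policy is DENY.
#
# Assumptions: eth9 stands in for the external interface, and IPCHAINS
# defaults to "echo ipchains" so the rules can be reviewed on a machine
# without ipchains. Run with IPCHAINS=ipchains to apply them.

IPCHAINS="${IPCHAINS:-echo ipchains}"

allow_replies() {
    ext_if="$1"

    # TCP: accept segments that do NOT have SYN set alone (! -y) and are
    # addressed to unprivileged local ports. Replies to connections this
    # host opened match; inbound connection attempts (SYN) do not.
    # This is a flag test, not connection tracking: any non-SYN segment
    # to ports 1024 and above is admitted.
    $IPCHAINS -A input -i "$ext_if" -p tcp ! -y -d 0/0 1024:65535 -j ACCEPT

    # ICMP: echo-reply answers our own pings; the two error types are
    # what outbound connections need to learn about unreachable hosts
    # and expired TTLs. Inbound echo-request stays denied.
    for icmp_type in echo-reply destination-unreachable time-exceeded; do
        $IPCHAINS -A input -i "$ext_if" -p icmp --icmp-type "$icmp_type" -j ACCEPT
    done
}

# Rules are matched in order, so call this before the final
# "ipchains -A input -j DENY -l" line of the firewall script.
allow_replies "${EXT_IF:-eth9}"
```
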