open http, smtp, ssh and imap and close all..
...
IPT="/sbin/iptables"
INT="eth0"

# clear _all_ rules
$IPT -F
$IPT -F INPUT
$IPT -F OUTPUT
$IPT -X

# our policies
$IPT -P INPUT DROP
$IPT -P OUTPUT ACCEPT

$IPT -N dropwall
$IPT -A dropwall -m limit --limit 15/minute -j LOG --log-prefix Dropwall:
$IPT -A dropwall -j DROP

#// smtp
$IPT -A INPUT -i $INT -s 0/0 -d 0/0 -p tcp --dport 25 -j ACCEPT
$IPT -A INPUT -i $INT -s 0/0 -d 0/0 -p udp --dport 25 -j ACCEPT

#// http
$IPT -A INPUT -i $INT -s 0/0 -d 0/0 -p tcp --dport 80 -j ACCEPT
$IPT -A INPUT -i $INT -s 0/0 -d 0/0 -p udp --dport 80 -j ACCEPT

#// ssh
$IPT -A INPUT -i $INT -s 0/0 -d 0/0 -p tcp --dport 22 -j ACCEPT
$IPT -A INPUT -i $INT -s 0/0 -d 0/0 -p udp --dport 22 -j ACCEPT

#// imap
$IPT -A INPUT -i $INT -s 0/0 -d 0/0 -p tcp --dport 143 -j ACCEPT
$IPT -A INPUT -i $INT -s 0/0 -d 0/0 -p udp --dport 143 -j ACCEPT

#// deny all
# chain names are case-sensitive, so this must match the "dropwall" chain created above
$IPT -A INPUT -j dropwall
...

For port # reference, try viewing it in your /etc/services.

Quoting Ina Patricia Lopez <[EMAIL PROTECTED]>:

> thanks Meric.
>
> I'll try using iptables.
> what if I want to deny & log all incoming traffic to my eth0 and only
> allow specific port connections like smtp,http,ssh and imap? how do I
> specify port?
>
> thanks,
> ina
> --- "Mara,Meric B" <[EMAIL PROTECTED]> wrote:
> > Here's the easy way to do it.
> > (note: you can change the ethernet value to wherever you want to
> > masquerade your network.)
> >
> > IPTABLES="/sbin/iptables"
> >
> > $IPTABLES -F INPUT
> > $IPTABLES -F OUTPUT
> > $IPTABLES -F FORWARD
> >
> > $IPTABLES -P INPUT DROP
> > $IPTABLES -P OUTPUT ACCEPT
> > $IPTABLES -P FORWARD ACCEPT
> >
> > #Enable IP FORWARDING
> >
> > echo 1 > /proc/sys/net/ipv4/ip_forward
> >
> > $IPTABLES -A INPUT -i lo -j ACCEPT
> > $IPTABLES -A INPUT -i eth0 -j ACCEPT
> > $IPTABLES -A INPUT -i eth1 -j ACCEPT
> >
> > $IPTABLES -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> >
> > =========
> > but if you still want to use ipchains
> >
> > #iptables -F
> > #rmmod iptables
> > #service ipchains start
> > #chkconfig --level 35 ipchains on
> >
> > I hope this helps.
> >
> > meric
> >
> > ----- Original Message -----
> > From: "Ina Patricia Lopez" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Tuesday, October 15, 2002 10:37 AM
> > Subject: Re: [plug] ipchains (masq)
> >
> >
> > > /sbin/iptables -L is working. I don't know how to use masq with
> > > iptables. I'm just following these 3 lines for ipchains.
> > >
> > > echo 1 > /proc/sys/net/ipv4/ip_forward
> > > ipchains -P forward DENY
> > > ipchains -A forward -i ppp0 -j MASQ
> > >
> > > how do I unload iptables and load ipchains?
> > >
> > > thanks,
> > > ina patricia
> > >
> > > --- "Mara,Meric B" <[EMAIL PROTECTED]> wrote:
> > > > check if the IPTABLE is loaded in your kernel.
> > > > you must unload it first.
> > > > then insert IPCHAIN if that is what you prefer.
> > > >
> > > > but why not use IPTABLE?
> > > >
> > > > ----- Original Message -----
> > > > From: "Ina Patricia Lopez" <[EMAIL PROTECTED]>
> > > > To: <[EMAIL PROTECTED]>
> > > > Sent: Tuesday, October 15, 2002 10:12 AM
> > > > Subject: [plug] ipchains (masq)
> > > >
> > > >
> > > > > Hi!
> > > > > I want to use ipchains for masquerading but I'm getting this from
> > > > > my linux box. How do I enable it? What do I need?
> > > > >
> > > > > thanks.
> > > > > inapatricia
> > > > >
> > > > >
> > > > > [root@IntraServ ]# /etc/rc.d/init.d/ipchains stop
> > > > > Flushing all chains: ipchains: Incompatible with this kernel
> > > > > [FAILED]
> > > > > Removing user defined chains: ipchains: Incompatible with this kernel
> > > > > [FAILED]
> > > > > Resetting built-in chains to the default ACCEPT policy:ipchains:
> > > > > Protocol not available
> > > > > [FAILED]
> > > > > [root@IntraServ ]# /etc/rc.d/init.d/ipchains start
> > > > > [root@IntraServ ]# /sbin/ipchains -L
> > > > > ipchains: Incompatible with this kernel
> > > > > [root@IntraServ ]#
> > > > >
> > > > > _
> > > > > Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
> > > > > To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
> > > > >
> > > > > Fully Searchable Archives With Friendly Web Interface at http://marc.free.net.ph
> > > > >
> > > > > To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]

God Bless!

Howard R. Bagcat
WebAdmin, MUWeb - Edition 4 Project <http://www.mu.edu.ph>
Systems Programmer, RBT/RBK & MUMC Project
Misamis University, Ozamiz City, Philippines
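
Added example, not part of the thread: the "allow smtp, http, ssh and imap, log and drop the rest" policy written as an iptables-restore ruleset, which loads in one step, plus the loopback and established-connection accepts that a DROP policy on INPUT needs. The helper name build_ruleset and its arguments are assumptions; the dropwall chain, rate limit and log prefix follow the script above.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset that accepts only the listed
# inbound TCP ports and logs, then drops, everything else.
# Assumptions: the helper name build_ruleset and its arguments are illustrative;
# the "dropwall" chain, 15/minute limit and log prefix follow the thread.

build_ruleset() {
    iface=$1
    [ -n "$iface" ] || { echo "usage: build_ruleset IFACE PORT..." >&2; return 1; }
    shift
    # Validate every port before emitting anything, so a typo cannot
    # produce a half-written ruleset.
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2; return 1
        fi
    done
    echo "*filter"
    echo ":INPUT DROP [0:0]"
    # Assumption: FORWARD stays open, as in the quoted masquerading setup.
    echo ":FORWARD ACCEPT [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo ":dropwall - [0:0]"
    # With INPUT at DROP, loopback and replies to the host's own outbound
    # connections (DNS answers, for instance) need explicit accepts.
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # smtp, http, ssh and imap are TCP services, so only TCP is opened.
    for port in "$@"; do
        echo "-A INPUT -i $iface -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Chain names are case-sensitive: jump to the chain exactly as declared.
    echo "-A INPUT -j dropwall"
    echo "-A dropwall -m limit --limit 15/minute -j LOG --log-prefix \"Dropwall: \""
    echo "-A dropwall -j DROP"
    echo "COMMIT"
}

# Ports from the thread: smtp 25, http 80, ssh 22, imap 143.
build_ruleset "${1:-eth0}" 25 80 22 143
```

Piping the output to `iptables-restore --test` as root checks that it parses without loading it.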
