On Fri, 07 Mar 2003 23:57:19 +0800, [EMAIL PROTECTED] wrote:

> Now, I want to know how to allow users to connect to some ports (services)
> using ipchains and iptables?
> e.g.: allow users to connect to ports 80 (http) and 53 (DNS) only...

I would recommend you read a good tutorial/howto on ipchains/iptables or get some book on networking/firewalls. There are several ways to achieve what you want. And iptables is quite different from (and more powerful than) ipchains. IMO, explaining the basics of ipchains/iptables or features like stateful filtering or connection tracking is beyond the scope of this mailing list.

What rules to add depends much on the purpose of your host. Should it be a server? Or a server and client at the same time?

You might want to start with setting the default policy of the INPUT chain to DROP:

    iptables --policy INPUT DROP

That would drop all (!) incoming traffic (including reply packets!) unless you opened specific ports by adding ACCEPT rules to the INPUT chain (like you did in your set of rules). If the host should be able to connect to services on remote hosts, you would need to accept incoming reply packets (reply packets have the source/dest ports swapped). With iptables, connection tracking would make that easy.

For diagnostic purposes, you could temporarily reject incoming traffic at the beginning of the chain:

    iptables --insert INPUT --jump REJECT

which would give you "connection refused" messages upon testing.

However, all that would just be a small starting point.
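As an added example that is not part of the original thread, here is a small script along the lines of the reply above: it sets the INPUT policy to DROP, opens only 80 and 53, accepts reply packets through connection tracking, and keeps the temporary REJECT as a diagnostic switch. It assumes iptables with the "state" match (Linux 2.4 era); the script and its function names are my own, not from the list.

```shell
#!/bin/sh
# Added example, not from the original thread: a minimal INPUT ruleset for a
# host that serves HTTP and DNS only, following the reply above (default
# policy DROP, ACCEPT rules for the open ports, connection tracking for
# reply packets, and a temporary REJECT for diagnostics).
# Assumes iptables with the "state" match, as on a 2003-era 2.4 kernel;
# newer systems spell it "-m conntrack --ctstate".

# Command prefix. Set IPT=echo to preview the rules without root.
IPT="${IPT:-iptables}"

apply_rules() {
    # Start from an empty INPUT chain so re-running the script is idempotent.
    $IPT --flush INPUT

    # Local processes talk to each other over lo; never filter that.
    $IPT --append INPUT --in-interface lo --jump ACCEPT

    # Reply packets for connections this host initiated (and related ICMP
    # errors). Without this line a DROP policy breaks outbound connections.
    $IPT --append INPUT --match state --state ESTABLISHED,RELATED --jump ACCEPT

    # The two services the question asked for. Only NEW packets need to
    # match here; the rest of each connection is covered by the rule above.
    $IPT --append INPUT --protocol tcp --dport 80 --match state --state NEW --jump ACCEPT
    $IPT --append INPUT --protocol udp --dport 53 --jump ACCEPT
    $IPT --append INPUT --protocol tcp --dport 53 --match state --state NEW --jump ACCEPT

    # Switch the policy last, once the ACCEPT rules are in place. Add 22/tcp
    # above if you administer this host over ssh, or you will lock yourself out.
    $IPT --policy INPUT DROP
}

# Diagnostic switch from the reply: a REJECT at the head of INPUT makes test
# connections fail fast with "connection refused" instead of timing out.
reject_all_on()  { $IPT --insert INPUT 1 --jump REJECT; }
reject_all_off() { $IPT --delete INPUT --jump REJECT; }

case "${1:-preview}" in
    apply)   apply_rules ;;
    preview) IPT=echo; apply_rules ;;
    *)       echo "usage: $0 [apply|preview]" >&2; exit 2 ;;
esac
```

Run it with no argument to print the rules it would load, and with `apply` as root to load them.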