I think you also need a rule to deny connections from "untrusted hosts".
Either by setting an input policy of DENY:

    /sbin/ipchains -P input DENY

or by denying untrusted hosts at specific ports:

    /sbin/ipchains -A input -s [untrusted hosts] -d [your host] <ports> -j DENY

My understanding of ipchains is that if a packet does not match a DENY or
REJECT rule, then it is allowed through. So in order to restrict access to
your http server you need to have at least two rules: one to allow
connections you want, and one (or more) to reject connections you don't want.

__
Larry Grover, PhD
Assoc Prof of Physiology
Marshall Univ Sch of Med

On Tue, 10 Oct 2000 11:02:03 -0400 (EDT), Charles Galpin <[EMAIL PROTECTED]> wrote:

> I'm no expert, but this should do it
>
> ipchains -F input # flush ruleset
> ipchains -A input -s [trusted host/net] -d $LOCALNET <ports> -j ACCEPT
>
> hth
> charles
>
> On Mon, 9 Oct 2000, Dan Browning wrote:
>
>> I would like to set up an httpd server (port 80), but only allow the port to
>> appear as 'open' for certain ip addresses--for all others I would like it to
>> appear closed. I bet this can easily be done with a few ipchains
>> commands, does anyone have any hints?
>>
>> Environment: RedHat 7.0, dual Xeon, Cable net access.
>>
>> I'm still learning ipchains. Thanks for the help.
>>
>> Dan Browning
>> Network & Database Administrator
>> Cyclone Computer Systems
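
The rule evaluation discussed in this thread, as an added example (a simplified Python model, not code from any of the posters): a chain is walked in order, the first matching rule decides the packet's fate, and the chain policy applies only when nothing matches. Assumptions: the addresses are constructed documentation ranges, port 80 stands in for `<ports>`, and the model matches only on source address and destination port.

```python
from ipaddress import ip_address, ip_network

# Constructed sample networks (documentation ranges), not from the thread.
TRUSTED = "192.0.2.0/24"
ANY = "0.0.0.0/0"

def verdict(rules, policy, src, dport):
    """Return the target of the first rule that matches the packet,
    or the chain policy when no rule matches."""
    for net, port, target in rules:
        if ip_address(src) in ip_network(net) and port in (None, dport):
            return target
    return policy

# The single ACCEPT rule from the quoted reply (port 80 assumed for <ports>).
accept_only = [(TRUSTED, 80, "ACCEPT")]
# The same rule followed by an explicit DENY for every other source on port 80.
accept_then_deny = accept_only + [(ANY, 80, "DENY")]
# Rules appended in the wrong order: the catch-all DENY shadows the ACCEPT.
deny_then_accept = [(ANY, 80, "DENY"), (TRUSTED, 80, "ACCEPT")]

def demo():
    """Evaluate three constructed packets against each ruleset/policy pair."""
    cases = {
        "accept only, policy ACCEPT": (accept_only, "ACCEPT"),
        "accept only, policy DENY": (accept_only, "DENY"),
        "accept then deny, policy ACCEPT": (accept_then_deny, "ACCEPT"),
        "deny then accept, policy ACCEPT": (deny_then_accept, "ACCEPT"),
    }
    results = {}
    for name, (rules, policy) in cases.items():
        results[name] = (
            verdict(rules, policy, "192.0.2.10", 80),   # trusted client, http
            verdict(rules, policy, "203.0.113.7", 80),  # untrusted client, http
            verdict(rules, policy, "203.0.113.7", 22),  # untrusted client, other port
        )
    return results

if __name__ == "__main__":
    for name, (trusted, untrusted, other) in demo().items():
        print(f"{name:32} trusted:80={trusted:6} "
              f"untrusted:80={untrusted:6} untrusted:22={other}")
```

The "policy DENY" row shows the side effect of `-P input DENY`: every other inbound port is dropped as well, so each service that must stay reachable needs its own ACCEPT rule.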