Try this in your firewall script:
--------------------------------------
UNPRIVPORTS="1024:65535"
#deny policy for the input chain (all IPs, all ports, not only 80)
ipchains -P input DENY
#allowing specific IPs to port 80
ipchains -A input -i <external interface: e.g. eth0> -p tcp -s <allowed IP address> \
$UNPRIVPORTS -d <local IP address> 80 -j ACCEPT
ipchains -A output -i <external interface> -p tcp ! -y -s <local IP address> \
80 -d <allowed IP address> $UNPRIVPORTS -j ACCEPT
#another way specific to 80; rules are checked in order and the first match
#wins, so this DENY has to come after the ACCEPT lines
ipchains -A input -i <external interface> -p tcp -s 0.0.0.0/0 -d \
<local IP address> 80 -j DENY
-------------------------------------------
You will need to repeat the set of ACCEPT lines for every IP you want to
allow, unless you are looking to add a range. If so, use the subnet mask
(e.g. 192.168.0.0/16, I think that's correct) instead of the other
computer's IP address. This method is less secure, but convenient.
Drew
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Dan Browning
Sent: Monday, October 09, 2000 11:52 AM
To: [EMAIL PROTECTED]
Subject: Firewall configuration question: httpd appears to some ip
addresses, but to others
I would like to set up an httpd server (port 80), but only allow the port to
appear as 'open' for certain IP addresses--for all others I would like it to
appear closed. I bet this can easily be done with a few ipchains
commands; does anyone have any hints?
Environment: RedHat 7.0, dual Xeon, Cable net access.
I'm still learning ipchains. Thanks for the help.
Dan Browning
Network & Database Administrator
Cyclone Computer Systems
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
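Added example (not part of the original messages): a shell function that prints the ACCEPT pair from the reply above for each allowed source and puts the port-80 DENY last, since ipchains acts on the first rule that matches. The function names gen_rules and valid_source, the interface name and all addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; interface, local address and sources are constructed values.
UNPRIVPORTS="1024:65535"

# Succeed only for a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_source() {
    addr=${1%%/*}
    case $1 in
        */*) prefix=${1#*/} ;;
        *)   prefix=32 ;;
    esac
    case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    # Reject anything but digits and single dots before word splitting.
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into its octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# gen_rules EXT_IF LOCAL_IP SOURCE...
# Prints ipchains commands instead of running them, so the rule set can be
# reviewed first. Every source is validated before anything is printed, so a
# typo never yields a partial rule set.
gen_rules() {
    [ $# -ge 3 ] || { echo "usage: gen_rules EXT_IF LOCAL_IP SOURCE..." >&2; return 1; }
    ext_if=$1; local_ip=$2; shift 2
    for src in "$@"; do
        valid_source "$src" || { echo "bad source: $src" >&2; return 1; }
    done
    for src in "$@"; do
        # Inbound requests from the allowed source to the web server.
        echo "ipchains -A input -i $ext_if -p tcp -s $src $UNPRIVPORTS -d $local_ip 80 -j ACCEPT"
        # Replies only (! -y excludes SYN packets that open a connection).
        echo "ipchains -A output -i $ext_if -p tcp ! -y -s $local_ip 80 -d $src $UNPRIVPORTS -j ACCEPT"
    done
    # Everyone else: appended last so the ACCEPT rules above match first.
    echo "ipchains -A input -i $ext_if -p tcp -s 0.0.0.0/0 -d $local_ip 80 -j DENY"
}
```

Calling gen_rules eth0 192.0.2.10 198.51.100.7 203.0.113.0/24 prints five commands; review them, then run them as root.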