Dekxter, yes, but the man specified that he wants ipchains :((((((( I think it was -y in ipchains :)) instead of --syn

Monday, October 13, 2003, 6:32:40 PM, you wrote:

DX> you will need to modify FORWARD with:
DX> iptables --policy FORWARD DROP
DX> iptables -A FORWARD -d 192.168.0.0/24 -p tcp --dport 25 --jump ACCEPT
DX> iptables -A FORWARD -d 192.168.0.0/24 -p tcp --dport 80 --jump ACCEPT
DX> iptables -A FORWARD -d 192.168.0.0/24 -p tcp --dport 110 --jump ACCEPT
DX> iptables -A FORWARD -d 192.168.0.0/24 -p tcp --dport 143 --jump ACCEPT
DX> # these 4 rules are for access to any address for
DX> # mail via POP3, IMAP, sending, and www
DX> iptables -A FORWARD -d 192.168.0.0/24 -p tcp --syn --jump DROP
DX> iptables -A FORWARD -s 192.168.0.0/24 -p tcp --syn --jump DROP
DX> # these 2 rules reject any attempt to initiate a connection
DX> # into the local network or from the local network to the internet
DX> iptables -A FORWARD -d 192.168.0.0/24 -p tcp --jump ACCEPT
DX> # this rule accepts any other type of tcp connection
DX> # man iptables
DX> [!] --syn
DX> Only match TCP packets with the SYN bit set and the ACK and RST
DX> bits cleared. Such packets are used to request TCP connection
DX> initiation; for example, blocking such packets coming in an interface
DX> will prevent incoming TCP connections, but outgoing TCP connections will
DX> be unaffected.
DX> It is equivalent to --tcp-flags SYN,RST,ACK SYN. If the "!" flag
DX> precedes the "--syn", the sense of the option is inverted.
DX> ps: if I'm wrong, please correct me ...
DX> Liviu wrote:
>> Hi,
>> My idea would be that people on the local network can only get out to
>> the web and mail.

--
Best regards,
Knight

This message was brought to you by the numbers 0 and 1.

---
Details about our mailing lists: http://www.lug.ro/
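The quoted FORWARD rules can be checked offline by evaluating them first-match against a few constructed TCP packets. This is an added example, not code from the thread; it models only the address, destination-port and `--syn` matches, treats every rule as TCP, and the names `verdict`, `is_syn` and the sample addresses are assumptions.

```python
# Added example: first-match evaluation of the FORWARD rules quoted above.
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.0.0/24")
SYN, RST, ACK = 0x02, 0x04, 0x10  # TCP flag bits

def is_syn(flags):
    """--syn == --tcp-flags SYN,RST,ACK SYN: SYN set, RST and ACK clear."""
    return flags & (SYN | RST | ACK) == SYN

# (source net, destination net, destination port, syn-only, target); None = any
RULES = [
    (None, LAN, 25, False, "ACCEPT"),
    (None, LAN, 80, False, "ACCEPT"),
    (None, LAN, 110, False, "ACCEPT"),
    (None, LAN, 143, False, "ACCEPT"),
    (None, LAN, None, True, "DROP"),
    (LAN, None, None, True, "DROP"),
    (None, LAN, None, False, "ACCEPT"),
]
POLICY = "DROP"  # iptables --policy FORWARD DROP

def verdict(src, dst, dport, flags):
    """Return (target, rule number) for one forwarded TCP packet; 0 = policy."""
    for n, (snet, dnet, port, syn_only, target) in enumerate(RULES, 1):
        if snet is not None and ip_address(src) not in snet:
            continue
        if dnet is not None and ip_address(dst) not in dnet:
            continue
        if port is not None and dport != port:
            continue
        if syn_only and not is_syn(flags):
            continue
        return target, n
    return POLICY, 0

# Constructed packets (203.0.113.5 is a documentation address).
PACKETS = {
    "LAN client opens web connection": ("192.168.0.10", "203.0.113.5", 80, SYN),
    "server SYN/ACK back to client": ("203.0.113.5", "192.168.0.10", 40000, SYN | ACK),
    "outside host opens LAN port 80": ("203.0.113.5", "192.168.0.10", 80, SYN),
    "outside host opens LAN port 22": ("203.0.113.5", "192.168.0.10", 22, SYN),
}

if __name__ == "__main__":
    for name, pkt in PACKETS.items():
        print(f"{name:34s} -> {verdict(*pkt)}")
```

The rule number in each result shows which rule decided the packet, which makes the effect of rule order and of the `-d`/`-s` direction visible before anything is loaded on a router.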
