Radu, did you even read what I wrote? The guy who posted the thread asked for help with ipchains, so don't jump on me. A matter of the alphabet, my ass; it's a matter of following a thread and opening your eyes wide :))

Wednesday, October 15, 2003, 1:48:55 AM, you wrote:

R> Old man, IPTABLES. Not ipchains.
R> A matter of the alphabet.

R> ----- Original Message -----
R> From: "Knight" <[EMAIL PROTECTED]>
R> To: "Dekxter X." <[EMAIL PROTECTED]>
R> Sent: Tuesday, October 14, 2003 7:01 AM
R> Subject: [rlug] Re: ICQ & YM and firewall

>> Dekxter,
>>
>> yes, but the guy specified that he wants ipchains
>> :(((((((
>> I think it was -y in ipchains :)) instead of --syn
>>
>> Monday, October 13, 2003, 6:32:40 PM, you wrote:
>>
>> DX> you will have to modify FORWARD with:
>>
>> DX> iptables --policy FORWARD DROP
>>
>> DX> iptables -A FORWARD -d 192.168.0.0/24 -p tcp --dport 25 --jump ACCEPT
>> DX> iptables -A FORWARD -d 192.168.0.0/24 -p tcp --dport 80 --jump ACCEPT
>> DX> iptables -A FORWARD -d 192.168.0.0/24 -p tcp --dport 110 --jump ACCEPT
>> DX> iptables -A FORWARD -d 192.168.0.0/24 -p tcp --dport 143 --jump ACCEPT
>> DX> # these 4 rules are for access to any address for
>> DX> # mail via POP3, IMAP, sending, and www
>>
>> DX> iptables -A FORWARD -d 192.168.0.0/24 -p tcp --syn --jump DROP
>> DX> iptables -A FORWARD -s 192.168.0.0/24 -p tcp --syn --jump DROP
>> DX> # these 2 rules reject any attempt to initiate a connection
>> DX> # into the local network or from the local network to the internet
>>
>> DX> iptables -A FORWARD -d 192.168.0.0/24 -p tcp --jump ACCEPT
>> DX> # this rule accepts any other type of tcp connection
>>
>> DX> # man iptables
>>
>> DX> [!] --syn
>> DX> Only match TCP packets with the SYN bit set and the ACK and RST
>> DX> bits cleared. Such packets are used to request TCP connection
>> DX> initiation; for example, blocking such packets coming in an interface
>> DX> will prevent incoming TCP connections, but outgoing TCP connections will
>> DX> be unaffected.
>> DX> It is equivalent to --tcp-flags SYN,RST,ACK SYN. If the "!" flag
>> DX> precedes the "--syn", the sense of the option is inverted.
>>
>> DX> PS: if I'm wrong, please correct me ...
>>
>> DX> Liviu wrote:
>>
>> >> Hi,
>> >> My idea would be that people on the local network can only get out
>> >> to web and mail.
>>
>> --
>> Best regards,
>> Knight
>>
>> This message was brought to you by the numbers 0 and 1.
>>
>> ---
>> Details about our mailing lists: http://www.lug.ro/

--
Best regards,
Knight

This message was brought to you by the numbers 0 and 1.
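
The following is an added example, not code from the thread: a small Python model of first-match evaluation over the FORWARD rules quoted above, with `--syn` implemented as `--tcp-flags SYN,RST,ACK SYN`, so the ruleset can be checked against Liviu's stated goal. The packets, the address 203.0.113.10 and the function names are constructed for illustration, and the model covers TCP packets only.

```python
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.0.0/24")
SYN, RST, ACK = 0x02, 0x04, 0x10  # TCP flag bits

def is_syn(flags):
    """--syn == --tcp-flags SYN,RST,ACK SYN: SYN set, RST and ACK cleared."""
    return flags & (SYN | RST | ACK) == SYN

# (source net, destination net, dport, needs --syn, target), in thread order.
# None means "any". All quoted rules are TCP rules.
RULES = [(None, LAN, port, False, "ACCEPT") for port in (25, 80, 110, 143)]
RULES += [
    (None, LAN, None, True, "DROP"),
    (LAN, None, None, True, "DROP"),
    (None, LAN, None, False, "ACCEPT"),
]
POLICY = "DROP"  # iptables --policy FORWARD DROP

def verdict(src, dst, dport, flags):
    """Return (target, rule number); first match wins, else (POLICY, None)."""
    for number, (s_net, d_net, port, syn, target) in enumerate(RULES, 1):
        if s_net is not None and ip_address(src) not in s_net:
            continue
        if d_net is not None and ip_address(dst) not in d_net:
            continue
        if port is not None and port != dport:
            continue
        if syn and not is_syn(flags):
            continue
        return target, number
    return POLICY, None

# Constructed sample packets: (label, src, dst, dport, flags)
SAMPLES = [
    ("LAN client opens web connection", "192.168.0.5", "203.0.113.10", 80, SYN),
    ("server reply to LAN client", "203.0.113.10", "192.168.0.5", 40000, SYN | ACK),
    ("outside host opens SMTP to LAN", "203.0.113.10", "192.168.0.5", 25, SYN),
    ("outside host opens SSH to LAN", "203.0.113.10", "192.168.0.5", 22, SYN),
    ("LAN client sends data", "192.168.0.5", "203.0.113.10", 80, ACK),
]

if __name__ == "__main__":
    for label, *packet in SAMPLES:
        print(f"{label:32} -> {verdict(*packet)}")
```

In this model the `--dport` ACCEPT rules only match traffic addressed to the LAN, so a connection opened from the LAN to an outside web server reaches the `-s 192.168.0.0/24 --syn` DROP rule.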
