Iain,

I am using the following script:

#! /bin/bash
 
# Turn on routing between eth0 and ppp0, then refuse to forward anything
# that a later rule does not explicitly masquerade.
echo "1" > /proc/sys/net/ipv4/ip_forward
ipchains -P forward DENY
 
# The input policy is left at the ipchains default (ACCEPT): only TCP to
# ports 0-1000 arriving on the dial-up link is dropped; the eth0 and lo
# rules just make acceptance from the LAN and loopback explicit.
ipchains -A input -j DENY -d 0.0.0.0/0 0:1000 -p tcp -i ppp0
ipchains -A input -j ACCEPT -s 0.0.0.0/0 -d 0.0.0.0/0 -p tcp -i eth0
ipchains -A input -j ACCEPT -s 0.0.0.0/0 -d 0.0.0.0/0 -p tcp -i lo
 
# Masquerade LAN traffic leaving over the dial-up link. ipchains matches an
# interface name exactly unless it ends in '+', so "ppp+" covers ppp0, ppp1, ...
ipchains -A forward -j MASQ -s 192.168.10.0/24 -d 0.0.0.0/0 -i ppp+

This gets my internal network 192.168.10.x surfing the web etc. and
doesn't allow incoming connections from the outside on ports below 1000
(I run stuff that I want people from the outside to be able to connect
to on ports above this).

It doesn't really address anything except tcp connections, but so far
it's done the job for me.

I have apache/ftp/telnet etc. running internally for my local machines
to connect to; this does break the rules about not running anything on a
firewall but, like you, I don't have that many machines.

Thanks,

Allan

Iain Conochie wrote:
> 
>         Hiya guys and gals,
> 
> I have been having a problem with my firewall recently. I tried to set up
> a state of protection, and after reading the docs chose a default policy
> of DENY on all three main chains INPUT, OUTPUT and FORWARD. After much
> playing around I kinda got the flat surfing the web, but I had to
> specifically allow DNS (connections udp and tcp to port 53: see attached
> config file). I know that the firewall should really NOT be running other
> network services, but unfortunately a lack of boxes prevents this from
> happening. Would it be an idea just to deny access to the services I am
> running and have a default policy of ACCEPT? Are there any good doc sites
> for firewalling, or should I just try with IP-tables and go with 2.4?
> 
> Any suggestions appreciated
> 
> Monkey
> 
> Linux phoenix 2.2.13
>   4:04pm  up 21:06,  3 users,  load average: 0.00, 0.00, 0.00
> 

-- 
31.69 nHz = once a year
--------------------------------------------------------------------
http://www.lug.org.uk                   http://www.linuxportal.co.uk
http://www.linuxjob.co.uk               http://www.linuxshop.co.uk
--------------------------------------------------------------------
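An added illustration, not code from either message: a small Python model of ipchains first-match evaluation run over the input rules in Allan's script, showing why, as he says, the chain only addresses TCP. The packets, addresses and the firewall's default input policy (ACCEPT, since the script never sets one) are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Constructed model of ipchains input-chain matching: rules are tried in
# order, the first match decides, an unmatched packet gets the chain policy.
@dataclass(frozen=True)
class Packet:
    proto: str    # "tcp", "udp" or "icmp"
    src: str      # source address
    dport: int    # destination port (0 for icmp)
    iface: str    # interface the packet arrived on

@dataclass(frozen=True)
class Rule:
    target: str                               # ACCEPT or DENY
    proto: Optional[str] = None               # None matches any protocol
    src: str = "0.0.0.0/0"
    dports: Optional[Tuple[int, int]] = None  # inclusive range, like 0:1000
    iface: Optional[str] = None               # trailing '+' is the prefix wildcard

    def matches(self, p: Packet) -> bool:
        if self.proto and p.proto != self.proto:
            return False
        if ip_address(p.src) not in ip_network(self.src):
            return False
        if self.dports and not self.dports[0] <= p.dport <= self.dports[1]:
            return False
        if self.iface and self.iface.endswith("+"):
            return p.iface.startswith(self.iface[:-1])
        return self.iface is None or p.iface == self.iface

def verdict(chain: List[Rule], policy: str, p: Packet) -> str:
    for rule in chain:
        if rule.matches(p):
            return rule.target
    return policy

# Allan's input chain transcribed; the script sets no input policy, so the
# chain keeps the ipchains default of ACCEPT.
INPUT_CHAIN = [
    Rule("DENY", proto="tcp", dports=(0, 1000), iface="ppp0"),
    Rule("ACCEPT", proto="tcp", iface="eth0"),
    Rule("ACCEPT", proto="tcp", iface="lo"),
]

def check(proto: str, dport: int, iface: str, src: str = "203.0.113.5") -> str:
    """Verdict for a packet from a constructed outside host to the firewall."""
    return verdict(INPUT_CHAIN, "ACCEPT", Packet(proto, src, dport, iface))
```

Anything UDP or ICMP arriving on ppp0 falls through to the default ACCEPT, which is the gap a default DENY policy like Iain's closes, at the cost of explicitly allowing replies such as DNS on port 53.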