On Fri, 16 Feb 2001, Allan Whiteford wrote:
> Iain,
>
> I am using the following script:
>
> #! /bin/bash
>
> echo "1" > /proc/sys/net/ipv4/ip_forward
> ipchains -P forward DENY
>
> ipchains -A input -j DENY -d 0.0.0.0/0 0:1000 -p tcp -i ppp0
> ipchains -A input -j ACCEPT -s 0.0.0.0/0 -d 0.0.0.0/0 -p tcp -i eth0
> ipchains -A input -j ACCEPT -s 0.0.0.0/0 -d 0.0.0.0/0 -p tcp -i lo
>
> ipchains -A forward -j MASQ -s 192.168.10.0/24 -d 0.0.0.0/0 -i ppp

Pretty sweet and to the point - thing is I run my own DNS - that was what
was giving me the major headaches - I could surf if I knew the IP-address,
but not the domain name.

The real problem was the amount of connections to samba running on the
box, although it is pretty good at authentication.

Anyway, I lost my static IP through BT's uselessness, so I guess a strict
firewall is not so important just now.

Thanks for the quick reply, Allan.

Monkey
>
Linux phoenix 2.2.13
8:19pm up 3:13, 1 user, load average: 0.00, 0.00, 0.00
--------------------------------------------------------------------
http://www.lug.org.uk http://www.linuxportal.co.uk
http://www.linuxjob.co.uk http://www.linuxshop.co.uk
--------------------------------------------------------------------