AArrgh...

I'm not great at IPCHAINS and have this problem; could someone point out
what's going on and whether there's any better way of cleaning it up?
I'm trying to make the default policies DENY and rewrite my rules as
before, when they were ACCEPTed by default, but something is breaking and I have no
idea why or what's going on.

The rules below are a copy of my home-to-work chains list, and for some
reason the rule marked as *sucked* won't work with 10.10.10.70/32,
which is the current static IP of my PPP link.
Though if I use 10.10.0.0/16 it all works fine.

I know the rules are worked from top to bottom, but what I don't understand is what
happens when a rule is true. Does it continue down the list, exit the
rule table, or what? This is where I'm lost.

Can anybody give me a better guide as to what's going on...

thanks.

echo 1 > /proc/sys/net/ipv4/ip_forward    # Yeah I know RH has /etc/sysconfig/network but can't be bothered.
/sbin/ipportfw

/sbin/ipchains -F
/sbin/ipchains -X
/sbin/ipchains -Z

/sbin/ipchains -M -S 14400 30 300

/sbin/ipchains -P input DENY
/sbin/ipchains -P output DENY
/sbin/ipchains -P forward DENY

# Internal LAN rules
/sbin/ipchains -A input  -s 192.168.1.0/24  -d 0.0.0.0/0  -j ACCEPT
/sbin/ipchains -A output  -s 192.168.1.0/24  -d 0.0.0.0/0  -j ACCEPT

# IP Forwarding
/sbin/ipchains -A forward -s 192.168.1.0/24  -d 0.0.0.0/0  -j MASQ

# Unsecure network rules
/sbin/ipchains -A input -s 0.0.0.0/0  -d 10.10.10.70/32  -j ACCEPT
/sbin/ipchains -A output -s 10.10.0.0/16  -d 0.0.0.0/0  -j ACCEPT      # <-------- This line sucks...
# /sbin/ipchains -A input -s 0.0.0.0/0  -d 10.10.10.70/32 23 -p tcp -i ppp0 -j REJECT

# IP Forwarding
/sbin/ipchains -A forward -s 192.168.1.0/24  -d 0.0.0.0/0  -j MASQ
thanks,
George Vieira
Network Administrator
http://www.citadelcomputer.com.au
PGP Fingerprint :       43DC 92AC 1A82 27B2 E97B  52F1 B60F 301A 38A9 A10C
PGP KeyID:              0x38A9A10C
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
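The question in the post is what happens once a rule matches. In ipchains each built-in chain is walked top to bottom, the first rule whose source and destination both match decides the packet (ACCEPT, DENY, REJECT and MASQ are all terminal, so traversal stops there), and a packet that reaches the end of the chain gets the chain's -P policy. A masqueraded LAN packet is rewritten in the forward chain and then leaves through the output chain with the PPP address as its source, so it has to pass both. The simulator below is an added example, not code from the post; it transcribes the posted rule set (protocol, port and interface matches omitted) and uses constructed sample addresses, including a hypothetical ppp0 address that differs from the /32, to show where the DENY policy takes over.

```python
import ipaddress

# Rule set transcribed from the post's ipchains script: (chain, src, dst, target).
# Protocol/port/interface matches and the commented-out REJECT rule are omitted.
RULES = [
    ("input",   "192.168.1.0/24", "0.0.0.0/0",      "ACCEPT"),
    ("output",  "192.168.1.0/24", "0.0.0.0/0",      "ACCEPT"),
    ("forward", "192.168.1.0/24", "0.0.0.0/0",      "MASQ"),
    ("input",   "0.0.0.0/0",      "10.10.10.70/32", "ACCEPT"),
    ("output",  "10.10.0.0/16",   "0.0.0.0/0",      "ACCEPT"),
]
# Default policies set with -P in the post.
POLICY = {"input": "DENY", "output": "DENY", "forward": "DENY"}


def first_match(chain, src, dst, rules=RULES, policy=POLICY):
    """Walk one chain top to bottom. The first rule whose src and dst both
    match decides the packet and traversal stops; falling off the end
    applies the chain policy. Returns (target, index_of_rule_or_None)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, (c, rsrc, rdst, target) in enumerate(rules):
        if c != chain:
            continue
        if s in ipaddress.ip_network(rsrc) and d in ipaddress.ip_network(rdst):
            return target, i
    return policy[chain], None


def tightened_rules(ppp_addr):
    """The posted rule set with the output rule narrowed from 10.10.0.0/16
    to a single host, the change the post says stops working."""
    return [(c, ppp_addr + "/32" if (c, s) == ("output", "10.10.0.0/16") else s, d, t)
            for c, s, d, t in RULES]


def masq_reply_path(lan_host, remote, ppp_addr, rules=RULES):
    """A LAN packet is MASQed in the forward chain, then leaves ppp0 with the
    PPP address as source and must also pass the output chain. Returns the
    verdict of each chain so the reader can see which one drops it."""
    fwd, _ = first_match("forward", lan_host, remote, rules)
    out, _ = first_match("output", ppp_addr, remote, rules)
    return fwd, out


if __name__ == "__main__":
    # Constructed sample addresses (203.0.113.0/24 and 198.51.100.0/24 are documentation ranges).
    print(first_match("input", "198.51.100.9", "10.10.10.70"))   # ('ACCEPT', 3)
    print(first_match("input", "198.51.100.9", "10.10.10.71"))   # ('DENY', None)
    tight = tightened_rules("10.10.10.70")
    print(masq_reply_path("192.168.1.5", "203.0.113.5", "10.10.10.70", tight))  # ('MASQ', 'ACCEPT')
    print(masq_reply_path("192.168.1.5", "203.0.113.5", "10.10.12.3", tight))   # ('MASQ', 'DENY')
```

The last call shows the practical check: if the address actually bound on ppp0 is anything other than the /32 in the output rule, the masqueraded packet no longer matches any output rule and the DENY policy drops it, whereas the /16 still covers it.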