[plug] INPUT chain
Gavin Rogers
grogers at greenwood.wa.edu.au
Fri Aug 27 21:41:49 WST 1999
> For the modem interface, I setup the following rules,
>
> $ ipchains -A input -i ppp0 -p 21 -j DENY
> $ ipchains -A input -i ppp0 -p 23 -j DENY
> $ ipchains -A input -i ppp0 -p 80 -j DENY
>
> My goal in this exercise is to prevent outside telnet, ftp and www access
> to my gateway.
>
Try using -I for 'insert' instead of -A or running these rules before your
ACCEPT rules. I think the kernel is choosing the ACCEPT rule first, since it's
at the top of the list. If you move these rules to the top (either method) it
should work as you expect it.
Regards,
Gavin Rogers.
More information about the plug
mailing list