[plug] Lock the box - ipchains recipe etc
John Summerfield
summer at os2.ami.com.au
Wed Nov 17 06:41:07 WST 1999
> Brad Campbell wrote:
> > Is there an easy way, using ipchains maybe, to deny all
> > incoming connections, probably the easy way to do it,
> > is block incoming from ppp0?
>
> You do need some to operate...
>
> /sbin/ipchains -P input deny
> /sbin/ipchains -A input -i eth0 -j ACCEPT
> /sbin/ipchains -N uplink
> /sbin/ipchains -A input -i ppp0 -j uplink
> /sbin/ipchains -A uplink -s 0/0 -d 0/0 auth -j ACCEPT
> /sbin/ipchains -A uplink -p tcp -s 0/0 -d 0/0 ftp-data -j ACCEPT
> /sbin/ipchains -A uplink -s 0/0 -d 0/0 ssh -j ACCEPT
> /sbin/ipchains -A uplink -s 0/0 -d 0/0 6000 -j DENY
> /sbin/ipchains -A uplink -s 0/0 -d 0/0 5432 -j DENY
> /sbin/ipchains -A uplink -s 0/0 -d 0/0 3333 -j DENY
> # and any other high ports you want to protect, netstat will tell
> /sbin/ipchains -A uplink -s 0/0 -d 0/0 1025:65535 -j ACCEPT
>
Given that you have
ipchains -P input deny
does this perform any function, useful or otherwise?
ipchains -A uplink -s 0/0 -d 0/0 6000 -j DENY
--
Cheers
John Summerfield
http://os2.ami.com.au/os2/ for OS/2 support.
Configuration, networking, combined IBM ftpsites index.
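
How the default input policy and the explicit DENY rules in the quoted uplink chain interact can be checked with a small first-match model. This is an added example, not part of the original message; it assumes only TCP destination ports matter and that the service names resolve to auth=113, ftp-data=20 and ssh=22, and the function names are hypothetical.

```python
# Constructed model of the quoted "uplink" chain: (dest-port range, target).
# Assumption: only TCP destination ports are modelled; service names are
# resolved to their well-known ports (auth=113, ftp-data=20, ssh=22).
UPLINK = [
    ((113, 113), "ACCEPT"),
    ((20, 20), "ACCEPT"),
    ((22, 22), "ACCEPT"),
    ((6000, 6000), "DENY"),
    ((5432, 5432), "DENY"),
    ((3333, 3333), "DENY"),
    ((1025, 65535), "ACCEPT"),
]
INPUT_POLICY = "DENY"  # ipchains -P input deny


def verdict(port, chain=UPLINK, policy=INPUT_POLICY):
    """Return (target, rule_index) for a packet arriving on ppp0.

    Rules are tried in order and the first match decides. If nothing in the
    user-defined chain matches, control returns to the input chain, which has
    no further rules, so the policy applies (rule_index is None).
    """
    for idx, ((lo, hi), target) in enumerate(chain):
        if lo <= port <= hi:
            return target, idx
    return policy, None


def without_rule(port_to_drop, chain=UPLINK):
    """Copy of the chain with the single-port rule for port_to_drop removed."""
    return [r for r in chain if r[0] != (port_to_drop, port_to_drop)]


def exposed_by_removal(port, chain=UPLINK):
    """True if deleting the explicit rule for `port` flips DENY to ACCEPT."""
    before, _ = verdict(port, chain)
    after, _ = verdict(port, without_rule(port, chain))
    return before == "DENY" and after == "ACCEPT"


if __name__ == "__main__":
    for p in (22, 80, 3333, 5432, 6000, 6001):
        print(p, verdict(p), "exposed if rule removed:", exposed_by_removal(p))
```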