Firewall Wizards mailing list archives
Re: Help with ipchains rules
From: Martin Peikert <news-innominate.list.nfr.firewiz () innominate de>
Date: 26 Jan 2001 08:34:28 GMT
"I'm a Swinger" <imaswinger () hotmail com> wrote:
> #I allow UDP/TCP packets in for DNS, TCP for WWW, and TCP for SSH
> ipchains -A -p UDP -s 123.123.123.123 dns -j ACCEPT

As explained in the HOWTO:
You have to specify a chain: input, forward or output.

> ipchains -A -p tcp -s 123.123.123.123 dns -j ACCEPT
> ipchains -A -p tcp -s 123.123.123.123 www -j ACCEPT
> ipchains -A -p tcp -s 123.123.123.123 ssh -j ACCEPT
>
> #Local-to-local packets are OK:
> ipchains -A -i lo -j ACCEPT
>
> #Now, my default policy on the input chain is DENY, so everything else gets
> dropped:
> ipchains -P input DENY

Your script does not allow anything at all - the default policy is DENY
and no packet matches any chain - so everything is denied. You should
read the HOWTO again and the man page if you want to set up a firewall.
Entering one of your lines above (except for the policy) will result in
"Try `ipchains -h' or 'ipchains --help' for more information.".

Martin
--
martin.peikert () innominate com
dipl. math. innominate AG
the linux architects
tel: +49-30-308806-0 fax: -77 http://www.innominate.com
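
A small lint for the point made in the reply above, as an added example that is not part of the original message or of ipchains itself: it flags ipchains commands where a chain-taking option (-A, -I, -D, -R, -C, -P) is followed by another option instead of a chain name. The function names and the embedded sample (the rule lines quoted in the message) are constructed for this illustration, and only the short option forms are checked.

```shell
#!/bin/sh
# Added example: find ipchains commands with a missing chain argument.
# ipchains expects "-A <chain> <rule>" and "-P <chain> <target>": the word
# right after the command option must be a chain name, not another option.

# Constructed sample: the rule lines quoted in the message above.
SAMPLE_RULES='ipchains -A -p UDP -s 123.123.123.123 dns -j ACCEPT
ipchains -A -p tcp -s 123.123.123.123 dns -j ACCEPT
ipchains -A -p tcp -s 123.123.123.123 www -j ACCEPT
ipchains -A -p tcp -s 123.123.123.123 ssh -j ACCEPT
ipchains -A -i lo -j ACCEPT
ipchains -P input DENY'

# missing_chain LINE: succeed (0) when LINE is an ipchains command whose
# chain-taking option is followed by another option or by nothing.
missing_chain() {
    set -f                  # no globbing while the line is split into words
    set -- $1
    set +f
    cmd=${1:-}
    [ "${cmd##*/}" = "ipchains" ] || return 1
    shift
    while [ $# -gt 0 ]; do
        case $1 in
            -A|-I|-D|-R|-C|-P)
                case ${2:-} in
                    ''|-*) return 0 ;;   # chain name absent
                    *)     return 1 ;;   # chain name present
                esac ;;
        esac
        shift
    done
    return 1
}

# lint_rules: read a rule script on stdin and print "LINENO: line" for
# every command that lacks its chain; print nothing for clean input.
lint_rules() {
    n=0
    while IFS= read -r line; do
        n=$((n + 1))
        if missing_chain "$line"; then
            printf '%s: %s\n' "$n" "$line"
        fi
    done
}

printf '%s\n' "$SAMPLE_RULES" | lint_rules
```

Only the policy line passes, which matches the reply: every `-A` line is rejected by ipchains before any rule is installed, so the DENY policy is all that takes effect.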
