[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sheflug] Re: Firewall Stuff

To: Sheflug <sheflug [at] vuw.ac.nz>
Subject: Re: [Sheflug] Re: Firewall Stuff
From: Richard Lowe <nospam [at] btinternet.com>
Date: Sun, 7 Jan 2001 15:36:03 +0000
List-help: <http://www.sheflug.co.uk>
List-owner: <mailto:sheflug-admins [at] vuw.ac.nz>
List-post: <mailto:sheflug [at] vuw.ac.nz>
List-subscribe: <mailto:sheflug-request [at] vuw.ac.nz?Subject=subscribe>
List-unsubscribe: <mailto:sheflug-request [at] vuw.ac.nz?Subject=unsubscribe>
Reply-to: "Sheflug" <sheflug [at] vuw.ac.nz>
Sender: Richard Lowe <richlowe [at] rata.vuw.ac.nz>
Sender: sheflug-bounce [at] vuw.ac.nz
User-Agent: Mutt/1.3.12i

* Richard (richard [at] sheflug.co.uk) wrote:
> Dear All
> 
> Richard Lowe wrote:
> 
> > > #Default to allowing nothing in, everything out.
> > > /sbin/ipchains -P input DENY
> > > /sbin/ipchains -P output ACCEPT
> > > /sbin/ipchains -P forward DENY
> 
> > At somepoint after this, you ACCEPT traffic from/to ports/hosts that you
> > want to get through.
> > 
> > ipchains -A input -s 0/0 80 -j ACCEPT
> 
> I'm thinking that .......
> 
> "ipchains -A input -i $ippp0 -s $zetnet.co.uk \
> $194.247.47.47 -j ACCEPT
> ipchains -A output -i $ippp0 -s $zetnet.co.uk \
> $194.247.47.47 -j ACCEPT

I'm assuming all the variables you're using here have values. (although
why 194.247.47.47 is one I'm not sure).

> might work but somewhere I need to put some port numbers for web pages
> and e-mail.  As well as ftp.  Then again I might use $DNS1
> xxx.xxx.xx.xx  $DNS2 xx.x.x.xx instead ?   So a port number for web
> pages would be......
> 
> ipchains -A input -s 0/0 3128 -j accept 

http comes from 80 or 8080.
/etc/services is a list of port number to services.
you can use the service names from there iirc.

> 
> for web pages and then 21 and other lines for ftp and 22/25 for e-mail
> ?

21 is ftp, you'll more than likely need 20 for ftp-data as well.

> 
> > The IPChains-HOWTO and Security-HOWTO both explain everything better
> > than I can, and iirc both have useful examples with a LAN in mind.
> 
> It's not very good compared with all else that's going around :)). 
>

The examples are a good starting point.


> Thank you
> 
> -- 
> Richard
> 
> ---------------------------------------------------------------------
> Sheffield Linux User's Group - http://www.sheflug.co.uk
> To unsubscribe from this list send mail to
> - <sheflug-request [at] vuw.ac.nz> - with the word 
>  "unsubscribe" in the body of the message. 
> 
>   GNU the choice of a complete generation.
> 
> 
> 

--
|*-------------------=[ Richard Lowe ]=------------------*|
| richlowe [at] btinternet.com                   UIN: 74724348 |           
|*-------------------------------------------------------*|
| Europe has the Kilogram and the Meter.                  |
| America has the Pound and the Inch.                     |
| Childrens TV has the Elephant and the Double Decker Bus |
|*-------------------------------------------------------*|
---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
To unsubscribe from this list send mail to
- <sheflug-request [at] vuw.ac.nz> - with the word 
 "unsubscribe" in the body of the message. 

  GNU the choice of a complete generation.

Follow-Ups:
- Re: [Sheflug] Re: Firewall Stuff
  - From: Barrie Bremner <TheEnglishman [at] ecosse.net>

References:
- [Sheflug] Firewall Stuff
  - From: Richard <richard [at] sheflug.co.uk>
- Re: [Sheflug] Firewall Stuff
  - From: Richard Lowe <richlowe [at] btinternet.com>
- [Sheflug] Re: Firewall Stuff
  - From: Richard <richard [at] sheflug.co.uk>

Prev by Date: [Sheflug] Re: Firewall Stuff
Next by Date: Re: [Sheflug] Re: bounce
Prev by thread: Re: [Sheflug] Re: Firewall Stuff
Next by thread: Re: [Sheflug] Re: Firewall Stuff
Index(es):
- Date
- Thread