Hello I'm a bit new to the concept of ipchains. Can someone explain what command to issue to block folk from outside my machine from getting into it from the internet. I've tried IP chains -P input deny but that isn't accepted by the ipchains utility. What's the correct sytnax ? Also.... how do I include a command for protecting X- windows ? It's a standalone machine just now but I'll connect it to the network eventually. Thank you Richard Sheffield UK
Richard, it helps everyone out when you include version numbers and exact error messages after exact commands. :) 1) to run ipchains you don't type: IP chains -P input deny rather, one would type: ipchains -P input deny 2) "isn't accepted" is mighty vauge. :) But, here I am guessing at your setup, a few thoughts: re-run the make xconfig (or make menuconfig or make config) for linux. be sure to select firewalling, IP Firewalling, and any other goodies you might want (such as masquerading, or portforwarding, etc..) rebuild the kernel do whatever it takes for chos or lilo or loadlin or linload to be happy reboot try ipchains again As for protecting X, you can either use ipchains to stop ports 6000-6010 (is that right gurus? Or is it just 6000?) or you *may* be able to use tcpd (hosts.deny and hosts.allow) or you can use xauth (MIT cookies -- I think enabled only if you boot into xdm or kdm). A very helpful document is located at: http://members.home.net/ipmasq/ipmasq-HOWTO-1.65.html It mentions other things than just masquerading; but if you want masq, this is a great page. :) good luck! :) On Thu, Aug 12, 1999 at 02:35:29PM +0100, Richard wrote:
Hello
I'm a bit new to the concept of ipchains. Can someone explain what command to issue to block folk from outside my machine from getting into it from the internet. I've tried IP chains -P input deny but that isn't accepted by the ipchains utility. What's the correct sytnax ? Also.... how do I include a command for protecting X- windows ?
It's a standalone machine just now but I'll connect it to the network eventually.
Thank you
Richard Sheffield UK
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
-- Seth Arnold | ICQ 3172483 | http://cswww.willamette.edu/~sarnold/ I prosecute unsolicited bulk emails, using the RealTime BlackHole List. You should too. Ask me how, or visit http://maps.vix.com/rbl/
Seth
Seth R Arnold
Richard, it helps everyone out when you include version numbers and exact error messages after exact commands. :)
Oh... I'm sorry about that. I was working on another Linux box when I wrote the e-mail. Must remember to be more precise in future. Kernel 2.2.7 SuSE 6.1 Thanks very much :-) Richard Sheffield UK
Hello
1) to run ipchains you don't type: IP chains -P input deny rather, one would type: ipchains -P input deny
I've tried this and I get...... Try 'ipchains -h' or 'ipchains --help' for more information. If I do this I get a screen full of absolute gibberish which isn't even comprehensible or even vaguely literate. I've read many FAQs and Howtos and they don't give a clue about what to do next. So... what do I do now ? SuSE 6.2 and kernel 2.2.10. Thanks Richard Sheffield UK
participants (2)
-
Richard
-
Seth R Arnold