Mailinglist Archive: opensuse-security (175 mails)
| < Previous | Next > |
ipchains
- From: flea <flea@xxxxxxx>
- Date: Mon, 20 Sep 1999 16:00:10 -0700
- Message-id: <4.1.19990920155410.02288c80@xxxxxxxxxxxx>
Hello, sorry if your on the the other SuSE lists as this is now being
posted to both. Sadly, I didn't get much help there.
I'm trying to set up my linux box to do the following jobs:
1. I want to use it to act as a proxy(is this the right word) for the rest
of my lan. it's already doing that nicely.
2. I really don't want to serve anything to the outside world.
3. I would like to be able to access sshd, httpd and ftpd to the lan only.
So far, I've used hosts.deny with ALL:ALL, and hosts.allow ALL:192.168.0.3
I'd like to extend that to everything that starts with 192.168., but I'm
not sure how. Can I use ALL:192.168.*/32(24?) or somthing like this?
I've also tried to to add the following line to rc.firewall (where all my
chains live now):
/sbin/ipchains -A input -p tcp -i ! eth1 -s 0/0 -d 0/0 80 -j DENY
This seems to be working, just wanted to see if anybody could tell me if
this is the best way to do this and if it will effectivly block out traffic
on eth0 to port 80. If this does work, then I'll add two more but change
the port to 21 and 22 (sshd and ftpd)
Thanks in adavance, flea
posted to both. Sadly, I didn't get much help there.
I'm trying to set up my linux box to do the following jobs:
1. I want to use it to act as a proxy(is this the right word) for the rest
of my lan. it's already doing that nicely.
2. I really don't want to serve anything to the outside world.
3. I would like to be able to access sshd, httpd and ftpd to the lan only.
So far, I've used hosts.deny with ALL:ALL, and hosts.allow ALL:192.168.0.3
I'd like to extend that to everything that starts with 192.168., but I'm
not sure how. Can I use ALL:192.168.*/32(24?) or somthing like this?
I've also tried to to add the following line to rc.firewall (where all my
chains live now):
/sbin/ipchains -A input -p tcp -i ! eth1 -s 0/0 -d 0/0 80 -j DENY
This seems to be working, just wanted to see if anybody could tell me if
this is the best way to do this and if it will effectivly block out traffic
on eth0 to port 80. If this does work, then I'll add two more but change
the port to 21 and 22 (sshd and ftpd)
Thanks in adavance, flea
| < Previous | Next > |