Re: [suse-security] ipchains-rule to deny a special domain
Martin Peikert <martin.peikert@innominate.com> wrote:
> Try "ipchains -I input 1 -d xxx.y..." instead of "ipchains -A input -d xxx.y..."

Oops - meant output, not input.

Martin
-- 
martin.peikert@innominate.com
innominate AG
the linux architects
tel: +49-30-308806-0 fax: -77
http://www.innominate.com

Martin Peikert wrote:
> Martin Peikert <martin.peikert@innominate.com> wrote:
>> Try "ipchains -I input 1 -d xxx.y..." instead of "ipchains -A input -d xxx.y..."
> Oops - meant output, not input.

both should work ;) maybe he should post a ipchains -L -n?

-- 
Best regards,
Sven Michels
Network Operating Center / Infrastructure
-----------------------------------------
intraDAT AG
Wilhelm Leuschner Strasse 7 u. 9-11
60329 Frankfurt / Germany
Tel: +49 69 256 29 - 0
Fax: +49 69 256 29 - 256
http://www.intradat.com
-----------------------------------------
Visit us from 22.03.01 to 28.03.01 at CeBIT in Hannover, Hall 3, Stand E45
-----------------------------------------

hi!

ok. i tried it with < ipchain -A forward -d xxx.yyy.zzz.xxx -j DENY > and with < ipchains -I output 1 -d xxx.yyy.zzz.xxx -j DENY >
..and I can see with ipchains -L that the rules are working, but I still have access to the restricted domain from the clients... :-(
What could be wrong...?

(thanx for your help ;-))
bye.

> hi!
> ok. i tried it with < ipchain -A forward -d xxx.yyy.zzz.xxx -j DENY > and with < ipchains -I output 1 -d xxx.yyy.zzz.xxx -j DENY >
> ..and I can see with ipchains -L that the rules are working, but I still have access to the restricted domain from the clients... :-(
> What could be wrong...?

is the order of your rules correct? This specific deny rule you put *before* the accept rules.

> (thanx for your help ;-))
> bye.
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
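
Added example (not part of any poster's message): a small Python model of the first-match rule evaluation that the replies in this thread rely on, showing why a DENY appended with -A behind a broad ACCEPT never fires, while -I at position 1 does, and which chains a forwarded versus a locally generated packet passes. The address, the pre-existing ACCEPT rule and all helper names are constructed for illustration; the real chain contents were never posted.

```python
import ipaddress

class Chain:
    """Toy model of one ipchains chain: ordered rules, first match decides."""
    def __init__(self, policy="ACCEPT"):
        self.policy = policy
        self.rules = []                      # list of (destination network, target)

    def append(self, dest, target):          # like: ipchains -A <chain> -d dest -j target
        self.rules.append((ipaddress.ip_network(dest), target))

    def insert(self, dest, target, pos=1):   # like: ipchains -I <chain> pos -d dest -j target
        self.rules.insert(pos - 1, (ipaddress.ip_network(dest), target))

    def verdict(self, dest_ip):
        addr = ipaddress.ip_address(dest_ip)
        for net, target in self.rules:
            if addr in net:
                return target                # rules after the first match are not consulted
        return self.policy                   # nothing matched: chain policy applies

FORWARDED = ("input", "forward", "output")   # packet from a client routed through the box
LOCAL = ("output",)                          # packet generated on the firewall itself

def verdict_along(chains, dest_ip, path):
    """Walk the chains a packet traverses; the first non-ACCEPT verdict stops it."""
    for name in path:
        v = chains[name].verdict(dest_ip)
        if v != "ACCEPT":
            return f"{v} in {name}"
    return "ACCEPT"

BLOCKED = "192.0.2.10"                       # constructed stand-in for xxx.yyy.zzz.xxx

def build(use_insert):
    chains = {name: Chain() for name in FORWARDED}
    chains["forward"].append("0.0.0.0/0", "ACCEPT")   # constructed pre-existing rule
    if use_insert:
        chains["forward"].insert(BLOCKED, "DENY", 1)  # lands before the ACCEPT
    else:
        chains["forward"].append(BLOCKED, "DENY")     # lands after the ACCEPT
    return chains

if __name__ == "__main__":
    for use_insert in (False, True):
        how = "-I forward 1" if use_insert else "-A forward"
        print(how, "->", verdict_along(build(use_insert), BLOCKED, FORWARDED))
```

Listing the live chains with `ipchains -L -n`, as suggested earlier in the thread, shows the actual rule order that this model stands in for.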
"Philipp Snizek" <mailinglists@belfin.ch> wrote:
>> hi!
>> ok. i tried it with < ipchain -A forward -d xxx.yyy.zzz.xxx -j DENY > and with < ipchains -I output 1 -d xxx.yyy.zzz.xxx -j DENY >
>> ..and I can see with ipchains -L that the rules are working, but I still have access to the restricted domain from the clients... :-(
>> What could be wrong...?
> is the order of your rules correct? This specific deny rule you put *before* the accept rules.

"ipchains -I input 1 ..." puts the rule in the first place. So there is no other rule *before* this one.

Martin
-- 
martin.peikert@innominate.com
innominate AG
the linux architects
tel: +49-30-308806-0 fax: -77
http://www.innominate.com

> ok. i tried it with < ipchain -A forward -d xxx.yyy.zzz.xxx -j DENY > and with < ipchains -I output 1 -d xxx.yyy.zzz.xxx -j DENY >
> ..and I can see with ipchains -L that the rules are working, but I still have access to the restricted domain from the clients... :-(
> What could be wrong...?

Please read the ipchains howto at /usr/share/doc/howto/en/IPCHAINS-HOWTO.gz on a SuSE system. It answers your questions with the necessary background. It won't help you in the long run if you find the right command to enter but do not understand what's behind it. It's really not that difficult.

> (thanx for your help ;-))
> bye.

Thanks,
Roman.
-- 
Roman Drahtmüller <draht@suse.de>
SuSE GmbH - Security
Nürnberg, Germany
Phone: +49-911-740530
"Caution: Cape does not enable user to fly." (Batman Costume warning label)

Roman Drahtmueller wrote:
> ok. i tried it with < ipchain -A forward -d xxx.yyy.zzz.xxx -j DENY > and with < ipchains -I output 1 -d xxx.yyy.zzz.xxx -j DENY >
> ..and I can see with ipchains -L that the rules are working, but I still have access to the restricted domain from the clients... :-(
> What could be wrong...?

In my last email, you also need to put the -i ethX, where X is your internal NIC for your network.

-- 
www.geekcode.com
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GCS/cc/e/it d++ s+:+ a-- C++$ UL+++$ E++ W+++$ w--- O---- M V- PS PE+++ Y+ PGP- t+ 5 X++ R tv+ b++ DI-- D+ G e++$ h! r++ y++
------END GEEK CODE BLOCK------
Sometimes I think there is life on other planets, and sometimes I think there is not. In either case, the conclusion is astonishing (Carl Sagan)

JUST A LITTLE QUESTION:
you try to connect from the firewallmachine (or from another NOT LOCAL PC/connection?)
:-)

Pascal Ehlig

----- Original Message -----
From: "da_bug" <da_bug@gmx.net>
To: <suse-security@suse.com>
Sent: Wednesday, March 07, 2001 4:01 PM
Subject: Re[2]: [suse-security] ipchains-rule to deny a special domain -didn't work :(

> hi!
> ok. i tried it with < ipchain -A forward -d xxx.yyy.zzz.xxx -j DENY > and with < ipchains -I output 1 -d xxx.yyy.zzz.xxx -j DENY >
> ..and I can see with ipchains -L that the rules are working, but I still have access to the restricted domain from the clients... :-(
> What could be wrong...?
> (thanx for your help ;-))
> bye.

participants (7)
- da_bug
- Hipolito A. Gonzalez M.
- jobhopper Pascal Ehlig
- Martin Peikert
- Philipp Snizek
- Roman Drahtmueller
- Sven Michels