Re: [suse-security] ipchains-rule to deny a special domain

Martin Peikert <martin.peikert@innominate.com> wrote:
Oops - meant output, not input.

Martin
--
martin.peikert@innominate.com
innominate AG the linux architects
tel: +49-30-308806-0 fax: -77
http://www.innominate.com

Martin Peikert wrote:
both should work ;) maybe he should post an ipchains -L -n?

--
Mit freundlichen Gruessen / best regards,
Sven Michels
Network Operating Center / Infrastructure
-----------------------------------------
intraDAT AG
Wilhelm Leuschner Strasse 7 u. 9-11
60329 Frankfurt / Germany
Tel: +49 69 256 29 - 0
Fax: +49 69 256 29 - 256
http://www.intradat.com
-----------------------------------------
Visit us from 22.03.01 to 28.03.01 at CeBIT in Hannover, Hall 3, Stand E45
-----------------------------------------

hi!

ok. i tried it with
< ipchain -A forward -d xxx.yyy.zzz.xxx -j DENY >
and with
< ipchains -I output 1 -d xxx.yyy.zzz.xxx -j DENY >
..and I can see with ipchains -L that the rules are working, but I still have access to the restricted domain from the clients... :-(

What could be wrong...?

(thanx for your help ;-))
bye.

"Philipp Snizek" <mailinglists@belfin.ch> wrote:
"ipchains -I input 1 ..." puts the rule in the first place. So there is no other rule *before* this one.

Martin
--
martin.peikert@innominate.com
innominate AG the linux architects
tel: +49-30-308806-0 fax: -77
http://www.innominate.com

Please read the ipchains howto at /usr/share/doc/howto/en/IPCHAINS-HOWTO.gz on a SuSE system. It answers your questions with the necessary background. It won't help you in the long run if you find the right command to enter but do not understand what's behind it. It's really not that difficult.
(thanx for your help ;-))
bye.
Thanks,
Roman.
--
| Roman Drahtmüller <draht@suse.de>   // "Caution: Cape does
| SuSE GmbH - Security  Phone:        //  not enable user to fly."
| Nürnberg, Germany  +49-911-740530   // (Batman Costume warning label)

Roman Drahtmueller wrote:
In my last email, you also need to put the -i ethX, where X is your internal NIC for your network.

--
www.geekcode.com
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GCS/cc/e/it d++ s+:+ a-- C++$ UL+++$ E++ W+++$ w--- O---- M V- PS PE+++ Y+ PGP- t+ 5 X++ R tv+ b++ DI-- D+ G e++$ h! r++ y++
------END GEEK CODE BLOCK------
Sometimes I believe there is life on other planets, and sometimes I believe there is not. In either case, the conclusion is astonishing (Carl Sagan)

JUST A LITTLE QUESTION: you try to connect from the firewall machine (or from another NOT LOCAL PC/connection?) :-)

Pascal Ehlig

----- Original Message -----
From: "da_bug" <da_bug@gmx.net>
To: <suse-security@suse.com>
Sent: Wednesday, March 07, 2001 4:01 PM
Subject: Re[2]: [suse-security] ipchains-rule to deny a special domain

-didn't work :(
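
The two commands tried in this thread differ in where the rule lands: -A appends to the end of a chain, -I <chain> 1 inserts at the head, and ipchains lets the first matching rule decide. The following is an added example, not code from any poster: a small Python model of that ordering. The pre-existing catch-all MASQ rule, the chain policy and the address 192.0.2.10 are assumptions made for illustration; the thread never shows the actual rule set.

```python
import ipaddress

class Chain:
    """Minimal model of one ipchains chain: ordered rules, first match wins."""

    def __init__(self, policy="ACCEPT"):
        self.policy = policy      # applied when no rule matches
        self.rules = []           # list of (destination network, target)

    def append(self, dest, target):
        # models: ipchains -A <chain> -d <dest> -j <target>
        self.rules.append((ipaddress.ip_network(dest), target))

    def insert(self, pos, dest, target):
        # models: ipchains -I <chain> <pos> -d <dest> -j <target> (pos is 1-based)
        self.rules.insert(pos - 1, (ipaddress.ip_network(dest), target))

    def verdict(self, dest_ip):
        addr = ipaddress.ip_address(dest_ip)
        for net, target in self.rules:
            if addr in net:
                return target     # first matching rule decides
        return self.policy

BLOCKED = "192.0.2.10"            # constructed stand-in for xxx.yyy.zzz.xxx

def forward_chain_with_masq():
    # Assumed existing setup: a catch-all masquerading rule on the forward chain.
    chain = Chain(policy="DENY")
    chain.append("0.0.0.0/0", "MASQ")
    return chain

def appended_deny():
    # -A puts the DENY behind the catch-all, so it is never reached.
    chain = forward_chain_with_masq()
    chain.append(BLOCKED, "DENY")
    return chain.verdict(BLOCKED)

def inserted_deny():
    # -I ... 1 puts the DENY ahead of every other rule.
    chain = forward_chain_with_masq()
    chain.insert(1, BLOCKED, "DENY")
    return chain.verdict(BLOCKED)

if __name__ == "__main__":
    print("appended:", appended_deny())
    print("inserted:", inserted_deny())
```

On a real system, ipchains -L -n -v lists the rules in evaluation order together with packet counters, which shows whether a given rule is being hit at all.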

participants (7)
- da_bug
- Hipolito A. Gonzalez M.
- jobhopper Pascal Ehlig
- Martin Peikert
- Philipp Snizek
- Roman Drahtmueller
- Sven Michels