bash-2.03# tail -f /var/log/messages
...(snip'd)
Nov 13 19:01:37 router pppd[229]: Starting link
Nov 13 19:01:37 router pppd[229]: Perms of /dev/modem are ok, no 'mesg n' neccesary.
Nov 13 19:01:38 router WvDial: WvDial: Internet dialer version 1.41
Nov 13 19:01:38 router WvDial: Initializing modem.
Nov 13 19:01:38 router WvDial: Sending: ATZ
Nov 13 19:01:38 router WvDial: ATZ
Nov 13 19:01:38 router WvDial: OK
Nov 13 19:01:38 router WvDial: Sending: ATQ0 V1 E1 S0=0 &C1 &D2
Nov 13 19:01:39 router WvDial: ATQ0 V1 E1 S0=0 &C1 &D2
Nov 13 19:01:39 router WvDial: OK
Nov 13 19:01:39 router WvDial: Modem initialized.
Nov 13 19:01:39 router WvDial: Idle Seconds = 240, disabling automatic reconnect.
Nov 13 19:01:39 router WvDial: Sending: ATDT 9193539
Nov 13 19:01:39 router WvDial: Waiting for carrier.
Nov 13 19:01:39 router WvDial: ATDT 9193539
Nov 13 19:02:11 router WvDial: CONNECT 45333 V42bis
Nov 13 19:02:11 router WvDial: Carrier detected. Starting PPP immediately.
Nov 13 19:02:11 router pppd[229]: Serial connection established.
Nov 13 19:02:11 router pppd[229]: Connect: ppp0 <--> /dev/modem
...
Nov 13 19:02:13 router pppd[229]: sent [IPCP ConfReq id=0x5 ]
Nov 13 19:02:13 router pppd[229]: sent [CCP ConfReq id=0x3 ]
...
Nov 13 19:02:13 router pppd[229]: sent [IPCP ConfReq id=0x6 ]
Nov 13 19:02:13 router pppd[229]: rcvd [LCP ProtRej id=0x3 80 fd 01 03 00 0f 1a 04 78 00 18 04 78 00 15 03 2f]
Nov 13 19:02:13 router pppd[229]: rcvd [IPCP ConfAck id=0x6 ]
Nov 13 19:02:13 router pppd[229]: Local IP address changed to 208.150.55.85
Nov 13 19:02:13 router pppd[229]: Remote IP address changed to 208.150.59.55
Nov 13 19:02:14 router pppd[229]: Open ICMP 208.150.55.85 -> 141.142.2.2
Nov 13 19:02:14 router pppd[229]: sent [IP data] 45 00 00 54 08 04 00 00 ...
Nov 13 19:02:14 router pppd[229]: Script /etc/ppp/ip-up started (pid 1798)
Nov 13 19:02:14 router ip-up: Installed /etc/resolv.conf for DNS at ppp0
Nov 13 19:02:14 router ip-up: Sleep 5 Seconds
Nov 13 19:02:19 router ip-up: IP-UP Analog Area
Nov 13 19:02:19 router ip-up: Assigned Internet Address is 208.150.55.85
Nov 13 19:02:19 router ip-up: More IP Spoofing protection
Nov 13 19:02:19 router ip-up: Setting up IP spoofing proection... Completed IP spoofing protection.
Nov 13 19:02:19 router ip-up: Starting IP Source Routing Protection
Nov 13 19:02:19 router ip-up: Starting IP ICMP Redirect Protection
Nov 13 19:02:19 router ip-up: Starting IP TCP SYN Cookie Protection
Nov 13 19:02:19 router ip-up: Starting IP Fragment Protection
Nov 13 19:02:19 router ip-up: Starting IP ICMP Broadcast Echo Protection
Nov 13 19:02:19 router ip-up: Starting IP Bogus Error Response Protection
Nov 13 19:02:19 router ip-up: Starting IP Martian Logging
Nov 13 19:02:19 router ip-up: Flush all policies
Nov 13 19:02:19 router ip-up: Setting default policy of deny
Nov 13 19:02:19 router ip-up: Spoofed Packet Configuration
Nov 13 19:02:20 router ip-up: ICMP Configuration... complete.
Nov 13 19:02:20 router ip-up: Loopback Configuration
Nov 13 19:02:20 router ip-up: Unlimited internal traffic
Nov 13 19:02:20 router ip-up: Enabling to obtain IP Address via DHCP
Nov 13 19:02:20 router ip-up: Configure from Inside to Outside Service DNS using port(s) 53
Nov 13 19:02:20 router ip-up: Configure from Inside to Outside Service DynIP using port(s) 252
Nov 13 19:02:20 router ip-up: Configure from Inside to Outside Service FINGER using port(s) 79
Nov 13 19:02:20 router ip-up: Configure from Inside to Outside Service FTP using port(s) 21
Nov 13 19:02:20 router ip-up: Configure from Inside to Outside Service HTTP using port(s) 80
Nov 13 19:02:20 router ip-up: Configure from Inside to Outside Service HTTPS using port(s) 443
Nov 13 19:02:20 router ip-up: Configure from Inside to Outside Service ICQ using port(s)
Nov 13 19:02:20 router ip-up: Configure from Inside to Outside Service IMAP using port(s) 143
Nov 13 19:02:20 router ip-up: Configure from Inside to Outside Service IRC using port(s) 6667
Nov 13 19:02:20 router ip-up: Configure from Inside to Outside Service LDAP using port(s) 398
Nov 13 19:02:20 router ip-up: Configure from Inside to Outside Service NNTP using port(s) 119
Nov 13 19:02:20 router ip-up: Configure from Inside to Outside Service NTP using port(s) 123
Nov 13 19:02:20 router ip-up: Configure from Inside to Outside Service POP3 using port(s) 110
Nov 13 19:02:20 router ip-up: Configure from Inside to Outside Service SMTP using port(s) 25
Nov 13 19:02:20 router ip-up: Configure from Inside to Outside Service SSH using port(s) 22
Nov 13 19:02:20 router ip-up: Configure from Inside to Outside Service TELNET using port(s) 23
Nov 13 19:02:20 router ip-up: Configure from Inside to Outside Service TRACEROUTE using port(s) 32769:65535
Nov 13 19:02:20 router ip-up: Configure from Inside to Outside Service WHOIS using port(s) 43
Nov 13 19:02:20 router ip-up: NAT / MASQ Configuration
Nov 13 19:02:20 router ip-up: Enabling IP forwarding
Nov 13 19:02:20 router ip-up: Deny without logging
Nov 13 19:02:20 router ip-up: Input default policy, log all that we do not allow
Nov 13 19:02:20 router ip-up: Output default policy, log all that we do not allow
Nov 13 19:02:20 router ip-up: Forward default policy, log all that we do not allow
Nov 13 19:02:43 router pppd[229]: sent [LCP EchoReq id=0x1 magic=0x78f056ff]
Nov 13 19:02:43 router pppd[229]: rcvd [LCP EchoRep id=0x1 magic=0x0]
Nov 13 19:03:13 router pppd[229]: sent [LCP EchoReq id=0x2 magic=0x78f056ff]
Nov 13 19:03:13 router pppd[229]: rcvd [LCP EchoRep id=0x2 magic=0x0i]

(no traffic getting through, no kernel log messages)
(do a -L to see what's going on)

bash-2.03# ipchains -L
Chain input (policy DENY):
Chain forward (policy DENY):
Chain output (policy DENY):
target prot opt source destination ports
ACCEPT all ------ anywhere anywhere n/a

(no rules have been applied, so i'll execute the fwscript that my rules are derived from)

bash-2.03# /etc/ppp/fwscript
....
bash-2.03# ipchains -L
Chain input (policy DENY):
target prot opt source destination ports
DENY all ----l- 192.168.1.0/24 anywhere n/a
ACCEPT icmp ------ anywhere anywhere destination-unreachable
ACCEPT icmp ------ anywhere anywhere source-quench
ACCEPT icmp ------ anywhere anywhere time-exceeded
ACCEPT icmp ------ anywhere anywhere parameter-problem
ACCEPT icmp ------ anywhere anywhere echo-request
ACCEPT icmp ------ anywhere anywhere echo-reply
ACCEPT all ------ anywhere anywhere n/a
ACCEPT all ------ anywhere anywhere n/a
ACCEPT udp ------ anywhere tnt20-b-85.focal-chi.corecomm.net bootps -> bootpc
ACCEPT udp ------ anywhere 255.255.255.255 bootps -> bootpc
ACCEPT udp ------ 0.0.0.0 255.255.255.255 bootpc -> bootps
ACCEPT udp ------ tnt20-b-85.focal-chi.corecomm.net anywhere bootpc -> bootps
ACCEPT udp ------ anywhere anywhere bootps -> bootpc
ACCEPT udp ------ anywhere tnt20-b-85.focal-chi.corecomm.net domain -> 1024:65535
ACCEPT tcp !y---- anywhere tnt20-b-85.focal-chi.corecomm.net domain -> 1024:65535
ACCEPT udp ------ anywhere tnt20-b-85.focal-chi.corecomm.net domain -> domain
ACCEPT tcp !y---- anywhere tnt20-b-85.focal-chi.corecomm.net 252 -> 1024:65535
ACCEPT tcp !y---- anywhere tnt20-b-85.focal-chi.corecomm.net finger -> 1024:65535
ACCEPT tcp !y---- anywhere tnt20-b-85.focal-chi.corecomm.net ftp -> 1024:65535
ACCEPT tcp !y---- anywhere tnt20-b-85.focal-chi.corecomm.net 1024:65535 -> 1024:65535
ACCEPT tcp !y---- anywhere tnt20-b-85.focal-chi.corecomm.net http -> 1024:65535
ACCEPT tcp !y---- anywhere tnt20-b-85.focal-chi.corecomm.net https -> 1024:65535
ACCEPT tcp !y---- anywhere tnt20-b-85.focal-chi.corecomm.net callbook:terabase -> 1024:65535
ACCEPT udp ------ anywhere tnt20-b-85.focal-chi.corecomm.net terabase -> 1024:65535
ACCEPT tcp !y---- anywhere tnt20-b-85.focal-chi.corecomm.net imap -> 1024:65535
ACCEPT tcp !y---- anywhere tnt20-b-85.focal-chi.corecomm.net 6667 -> 1024:65535
ACCEPT tcp !y---- anywhere tnt20-b-85.focal-chi.corecomm.net ldap -> 1024:65535
ACCEPT tcp !y---- anywhere tnt20-b-85.focal-chi.corecomm.net nntp -> 1024:65535
ACCEPT udp ------ anywhere tnt20-b-85.focal-chi.corecomm.net ntp -> 1024:65535
ACCEPT udp ------ anywhere tnt20-b-85.focal-chi.corecomm.net ntp -> ntp
ACCEPT tcp !y---- anywhere tnt20-b-85.focal-chi.corecomm.net pop3 -> 1024:65535
ACCEPT tcp !y---- anywhere tnt20-b-85.focal-chi.corecomm.net smtp -> 1024:65535
ACCEPT tcp !y---- anywhere tnt20-b-85.focal-chi.corecomm.net ssh -> surf:1023
ACCEPT tcp !y---- anywhere tnt20-b-85.focal-chi.corecomm.net ssh -> 1024:65535
ACCEPT tcp !y---- anywhere tnt20-b-85.focal-chi.corecomm.net telnet -> 1024:65535
ACCEPT tcp !y---- anywhere tnt20-b-85.focal-chi.corecomm.net nicname -> 1024:65535
DENY igmp ------ anywhere ALL-SYSTEMS.MCAST.NET n/a
DENY all ----l- anywhere anywhere n/a
Chain forward (policy DENY):
target prot opt source destination ports
MASQ all ------ 192.168.1.0/24 anywhere n/a
DENY all ----l- anywhere anywhere n/a
DENY all ----l- anywhere anywhere n/a
Chain output (policy DENY):
target prot opt source destination ports
ACCEPT icmp ------ anywhere anywhere destination-unreachable
ACCEPT icmp ------ anywhere anywhere source-quench
ACCEPT icmp ------ anywhere anywhere time-exceeded
ACCEPT icmp ------ anywhere anywhere parameter-problem
ACCEPT icmp ------ anywhere anywhere echo-request
ACCEPT icmp ------ anywhere anywhere echo-reply
ACCEPT all ------ anywhere anywhere n/a
ACCEPT all ------ anywhere anywhere n/a
ACCEPT udp ------ 0.0.0.0 255.255.255.255 bootpc -> bootps
ACCEPT udp ------ tnt20-b-85.focal-chi.corecomm.net anywhere bootpc -> bootps
ACCEPT udp ------ tnt20-b-85.focal-chi.corecomm.net anywhere 1024:65535 -> domain
ACCEPT tcp ------ tnt20-b-85.focal-chi.corecomm.net anywhere 1024:65535 -> domain
ACCEPT udp ------ tnt20-b-85.focal-chi.corecomm.net anywhere domain -> domain
ACCEPT tcp ------ tnt20-b-85.focal-chi.corecomm.net anywhere 1024:65535 -> 252
ACCEPT tcp ------ tnt20-b-85.focal-chi.corecomm.net anywhere 1024:65535 -> finger
ACCEPT tcp ------ tnt20-b-85.focal-chi.corecomm.net anywhere 1024:65535 -> ftp
ACCEPT tcp ------ tnt20-b-85.focal-chi.corecomm.net anywhere 1024:65535 -> 1024:65535
ACCEPT tcp ------ tnt20-b-85.focal-chi.corecomm.net anywhere 1024:65535 -> http
ACCEPT tcp ------ tnt20-b-85.focal-chi.corecomm.net anywhere 1024:65535 -> https
ACCEPT tcp ------ tnt20-b-85.focal-chi.corecomm.net anywhere 1024:65535 -> callbook:terabase
ACCEPT udp ------ tnt20-b-85.focal-chi.corecomm.net anywhere 1024:65535 -> terabase
ACCEPT tcp ------ tnt20-b-85.focal-chi.corecomm.net anywhere 1024:65535 -> imap
ACCEPT tcp ------ tnt20-b-85.focal-chi.corecomm.net anywhere 1024:65535 -> 6667
ACCEPT tcp ------ tnt20-b-85.focal-chi.corecomm.net anywhere 1024:65535 -> ldap
ACCEPT tcp ------ tnt20-b-85.focal-chi.corecomm.net anywhere 1024:65535 -> nntp
ACCEPT udp ------ tnt20-b-85.focal-chi.corecomm.net anywhere 1024:65535 -> ntp
ACCEPT udp ------ tnt20-b-85.focal-chi.corecomm.net anywhere ntp -> ntp
ACCEPT tcp ------ tnt20-b-85.focal-chi.corecomm.net anywhere 1024:65535 -> pop3
ACCEPT tcp ------ tnt20-b-85.focal-chi.corecomm.net anywhere 1024:65535 -> smtp
ACCEPT tcp ------ tnt20-b-85.focal-chi.corecomm.net anywhere surf:1023 -> ssh
ACCEPT tcp ------ tnt20-b-85.focal-chi.corecomm.net anywhere 1024:65535 -> ssh
ACCEPT tcp ------ tnt20-b-85.focal-chi.corecomm.net anywhere 1024:65535 -> telnet
ACCEPT udp ------ tnt20-b-85.focal-chi.corecomm.net anywhere filenet-rpc:65535 -> traceroute:33523
ACCEPT tcp ------ tnt20-b-85.focal-chi.corecomm.net anywhere 1024:65535 -> nicname
DENY all ----l- anywhere anywhere n/a
...

(ok, so fwscript works)

...
bash-2.03# tail -f /var/log/messages
...
Nov 13 19:14:11 router pppd[229]: Terminating connection due to lack of activity
Nov 13 19:14:11 router pppd[229]: Script /etc/ppp/ip-down started (pid 2081)
Nov 13 19:14:11 router pppd[229]: sent [LCP TermReq id=0x6 "Link inactive"]
Nov 13 19:14:11 router pppd[229]: rcvd [LCP TermAck id=0x6]
Nov 13 19:14:11 router pppd[229]: Connection terminated.
Nov 13 19:14:11 router pppd[229]: Connect time 12.0 minutes.
Nov 13 19:14:11 router pppd[229]: Sent 592688 bytes, received 1353214 bytes.
Nov 13 19:14:11 router ip-down: IP down Analog Section
Nov 13 19:14:11 router ip-down: Deinstalled /etc/resolv.conf
Nov 13 19:14:11 router ip-down: Flush all policies
Nov 13 19:14:11 router ip-down: Sleeping 2 Seconds
Nov 13 19:14:14 router ip-down: Current ppp0 Address(s)=192.168.99.1
Nov 13 19:14:14 router ip-down: ReEstablishing Routes
Nov 13 19:14:14 router ip-down: eth0 Link encap:Ethernet HWaddr 00:40:33:51:5E:DA
Nov 13 19:14:14 router ip-down: inet addr:192.168.1.254 Bcast:192.168.1.255 Mask:255.255.255.0
Nov 13 19:14:14 router ip-down: UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Nov 13 19:14:14 router ip-down: RX packets:2290 errors:0 dropped:0 overruns:0 frame:0
Nov 13 19:14:14 router ip-down: TX packets:1711 errors:0 dropped:0 overruns:0 carrier:0
Nov 13 19:14:14 router ip-down: collisions:3 txqueuelen:100
Nov 13 19:14:14 router ip-down: Interrupt:5 Base address:0x300
Nov 13 19:14:14 router ip-down:
Nov 13 19:14:14 router ip-down: lo Link encap:Local Loopback
Nov 13 19:14:14 router ip-down: inet addr:127.0.0.1 Mask:255.0.0.0
Nov 13 19:14:14 router ip-down: UP LOOPBACK RUNNING MTU:3924 Metric:1
Nov 13 19:14:14 router ip-down: RX packets:262 errors:0 dropped:0 overruns:0 frame:0
Nov 13 19:14:14 router ip-down: TX packets:262 errors:0 dropped:0 overruns:0 carrier:0
Nov 13 19:14:14 router ip-down: collisions:0 txqueuelen:0
Nov 13 19:14:14 router ip-down:
Nov 13 19:14:14 router ip-down: ppp0 Link encap:Point-to-Point Protocol
Nov 13 19:14:14 router ip-down: inet addr:192.168.99.1 P-t-P:192.168.99.99 Mask:255.255.255.255
Nov 13 19:14:14 router ip-down: UP POINTOPOINT RUNNING NOARP MULTICAST DYNAMIC MTU:1500 Metric:1
Nov 13 19:14:14 router ip-down: RX packets:3156 errors:0 dropped:0 overruns:0 frame:0
Nov 13 19:14:14 router ip-down: TX packets:3455 errors:0 dropped:0 overruns:0 carrier:0
Nov 13 19:14:14 router ip-down: collisions:0 txqueuelen:10
Nov 13 19:14:14 router ip-down:
Nov 13 19:14:14 router ip-down: Kernel IP routing table
Nov 13 19:14:14 router ip-down: Destination Gateway Genmask Flags MSS Window irtt Iface
Nov 13 19:14:14 router ip-down: 192.168.99.99 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
Nov 13 19:14:14 router ip-down: 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
Nov 13 19:14:14 router ip-down: 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
Nov 13 19:14:14 router ip-down: 0.0.0.0 192.168.99.99 0.0.0.0 UG 0 0 0 ppp0
Nov 13 19:14:14 router pppd[229]: Script /etc/ppp/ip-down finished (pid 2081), status = 0x0
....

(check to see what is left in ipchains rules)

...
bash-2.03# ipchains -L
Chain input (policy DENY):
target prot opt source destination ports
DENY all ----l- 192.168.1.0/24 anywhere n/a
ACCEPT icmp ------ anywhere anywhere destination-unreachable
ACCEPT icmp ------ anywhere anywhere source-quench
ACCEPT icmp ------ anywhere anywhere time-exceeded
ACCEPT icmp ------ anywhere anywhere parameter-problem
ACCEPT icmp ------ anywhere anywhere echo-request
ACCEPT icmp ------ anywhere anywhere echo-reply
ACCEPT all ------ anywhere anywhere n/a
ACCEPT all ------ anywhere anywhere n/a
ACCEPT udp ------ anywhere 208.150.55.85 bootps -> bootpc
ACCEPT udp ------ anywhere 255.255.255.255 bootps -> bootpc
ACCEPT udp ------ 0.0.0.0 255.255.255.255 bootpc -> bootps
ACCEPT udp ------ 208.150.55.85 anywhere bootpc -> bootps
ACCEPT udp ------ anywhere anywhere bootps -> bootpc
ACCEPT udp ------ anywhere 208.150.55.85 domain -> 1024:65535
ACCEPT tcp !y---- anywhere 208.150.55.85 domain -> 1024:65535
ACCEPT udp ------ anywhere 208.150.55.85 domain -> domain
ACCEPT tcp !y---- anywhere 208.150.55.85 252 -> 1024:65535
ACCEPT tcp !y---- anywhere 208.150.55.85 finger -> 1024:65535
ACCEPT tcp !y---- anywhere 208.150.55.85 ftp -> 1024:65535
ACCEPT tcp !y---- anywhere 208.150.55.85 1024:65535 -> 1024:65535
ACCEPT tcp !y---- anywhere 208.150.55.85 http -> 1024:65535
ACCEPT tcp !y---- anywhere 208.150.55.85 https -> 1024:65535
ACCEPT tcp !y---- anywhere 208.150.55.85 callbook:terabase -> 1024:65535
ACCEPT udp ------ anywhere 208.150.55.85 terabase -> 1024:65535
ACCEPT tcp !y---- anywhere 208.150.55.85 imap -> 1024:65535
ACCEPT tcp !y---- anywhere 208.150.55.85 6667 -> 1024:65535
ACCEPT tcp !y---- anywhere 208.150.55.85 ldap -> 1024:65535
ACCEPT tcp !y---- anywhere 208.150.55.85 nntp -> 1024:65535
ACCEPT udp ------ anywhere 208.150.55.85 ntp -> 1024:65535
ACCEPT udp ------ anywhere 208.150.55.85 ntp -> ntp
ACCEPT tcp !y---- anywhere 208.150.55.85 pop3 -> 1024:65535
ACCEPT tcp !y---- anywhere 208.150.55.85 smtp -> 1024:65535
ACCEPT tcp !y---- anywhere 208.150.55.85 ssh -> surf:1023
ACCEPT tcp !y---- anywhere 208.150.55.85 ssh -> 1024:65535
ACCEPT tcp !y---- anywhere 208.150.55.85 telnet -> 1024:65535
ACCEPT tcp !y---- anywhere 208.150.55.85 nicname -> 1024:65535
DENY igmp ------ anywhere 224.0.0.1 n/a
DENY all ----l- anywhere anywhere n/a
Chain forward (policy DENY):
target prot opt source destination ports
MASQ all ------ 192.168.1.0/24 anywhere n/a
DENY all ----l- anywhere anywhere n/a
DENY all ----l- anywhere anywhere n/a
Chain output (policy DENY):
target prot opt source destination ports
ACCEPT icmp ------ anywhere anywhere destination-unreachable
ACCEPT icmp ------ anywhere anywhere source-quench
ACCEPT icmp ------ anywhere anywhere time-exceeded
ACCEPT icmp ------ anywhere anywhere parameter-problem
ACCEPT icmp ------ anywhere anywhere echo-request
ACCEPT icmp ------ anywhere anywhere echo-reply
ACCEPT all ------ anywhere anywhere n/a
ACCEPT all ------ anywhere anywhere n/a
ACCEPT udp ------ 0.0.0.0 255.255.255.255 bootpc -> bootps
ACCEPT udp ------ 208.150.55.85 anywhere bootpc -> bootps
ACCEPT udp ------ 208.150.55.85 anywhere 1024:65535 -> domain
ACCEPT tcp ------ 208.150.55.85 anywhere 1024:65535 -> domain
ACCEPT udp ------ 208.150.55.85 anywhere domain -> domain
ACCEPT tcp ------ 208.150.55.85 anywhere 1024:65535 -> 252
ACCEPT tcp ------ 208.150.55.85 anywhere 1024:65535 -> finger
ACCEPT tcp ------ 208.150.55.85 anywhere 1024:65535 -> ftp
ACCEPT tcp ------ 208.150.55.85 anywhere 1024:65535 -> 1024:65535
ACCEPT tcp ------ 208.150.55.85 anywhere 1024:65535 -> http
ACCEPT tcp ------ 208.150.55.85 anywhere 1024:65535 -> https
ACCEPT tcp ------ 208.150.55.85 anywhere 1024:65535 -> callbook:terabase
ACCEPT udp ------ 208.150.55.85 anywhere 1024:65535 -> terabase
ACCEPT tcp ------ 208.150.55.85 anywhere 1024:65535 -> imap
ACCEPT tcp ------ 208.150.55.85 anywhere 1024:65535 -> 6667
ACCEPT tcp ------ 208.150.55.85 anywhere 1024:65535 -> ldap
ACCEPT tcp ------ 208.150.55.85 anywhere 1024:65535 -> nntp
ACCEPT udp ------ 208.150.55.85 anywhere 1024:65535 -> ntp
ACCEPT udp ------ 208.150.55.85 anywhere ntp -> ntp
ACCEPT tcp ------ 208.150.55.85 anywhere 1024:65535 -> pop3
ACCEPT tcp ------ 208.150.55.85 anywhere 1024:65535 -> smtp
ACCEPT tcp ------ 208.150.55.85 anywhere surf:1023 -> ssh
ACCEPT tcp ------ 208.150.55.85 anywhere 1024:65535 -> ssh
ACCEPT tcp ------ 208.150.55.85 anywhere 1024:65535 -> telnet
ACCEPT udp ------ 208.150.55.85 anywhere filenet-rpc:65535 -> traceroute:33523
ACCEPT tcp ------ 208.150.55.85 anywhere 1024:65535 -> nicname
DENY all ----l- anywhere anywhere n/a

(the old rules are left in place)