[SLE] Ipchains/Firewall
I have an extremely weird problem. This is the rule I am using:

ipchains -A input -j DENY -p tcp -l -s 0.0.0.0/0 -i eth0 -d 192.168.1.4/32 53
ipchains -A input -j DENY -p udp -l -s 0.0.0.0/0 -i eth0 -d 192.168.1.4/32 53

This is to deny access to anyone on eth0 (the internet) to my name server but allow it from 192.168.1.4. Now the problem is that it ignores the rule. Everyone can still access the nameserver. Did I screw the rule up, or am I on cheap drugs?

--
Scott Walker
Freedom Communications Inc.
crimson@freedom.oftheinter.net
http://freedom.oftheinter.net

Court Room Quotes
Q: Doctor, how many autopsies have you performed on dead people?
A: All my autopsies have been performed on dead people.

--
To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com
For additional commands send e-mail to suse-linux-e-help@suse.com
Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
Actually after playing with it for a few minutes I got it... the proper rule is

ipchains -A input -j DENY -p tcp -l -s 0/0 -i eth0 -d 0/0 53

* crimson@freedom.oftheinter.net <crimson@freedom.oftheinter.net> [000103 18:14]:
> I have an extremely weird problem. This is the rule I am using:
>
> ipchains -A input -j DENY -p tcp -l -s 0.0.0.0/0 -i eth0 -d 192.168.1.4/32 53
> ipchains -A input -j DENY -p udp -l -s 0.0.0.0/0 -i eth0 -d 192.168.1.4/32 53
>
> This is to deny access to anyone on eth0 (the internet) to my name server but allow it from 192.168.1.4. Now the problem is that it ignores the rule. Everyone can still access the nameserver. Did I screw the rule up, or am I on cheap drugs?

--
Scott Walker
Freedom Communications Inc.
crimson@freedom.oftheinter.net
http://freedom.oftheinter.net

Court Room Quotes
Q: "The youngest son, the twenty-year old, how old is he?"
Uhm, 0.0.0.0/0 is actually correct. What I believe is that mister freedom (?) appended the rule instead of inserting it. That means that if there are other rules applying on port 53 or other stuff like addresses, these rules don't work, because they are being put at the bottom of the chain. If you insert them, they'll probably work just fine because they're at the top of the chain and get precedence over all others below:

ipchains -I input -j DENY -p tcp -l -s 0.0.0.0/0 -i eth0 -d 192.168.1.4/32 53

If this doesn't work, try this:

ipchains -I input -l -d 192.168.1.4 53 -p tcp -j DENY

I've left out the eth0 stuff, because 192.168.1.4 is probably the only 192.168.1.4 you have in your network. If not: you have a problem. The kernel can figure this out. The /32 is out of the question also, because 192.168.1.4 is a host. Your kernel knows that. If this isn't a host, you don't want to do a /32...

btw: REJECTing is mostly better than DENYing, because now ppl have to wait a while before their app gives up, because you're stealthing the port instead of closing it. REJECT instead of DENY:

ipchains -I input -l -d 192.168.1.4 53 -p tcp -j REJECT

btw2: Logging the rule (-l) can cause lots of syslogging..

Good luck!

Rogier Maas

crimson@freedom.oftheinter.net wrote:
> Actually after playing with it for a few minutes I got it... the proper rule is
>
> ipchains -A input -j DENY -p tcp -l -s 0/0 -i eth0 -d 0/0 53
>
> * crimson@freedom.oftheinter.net <crimson@freedom.oftheinter.net> [000103 18:14]:
> > I have an extremely weird problem. This is the rule I am using:
> >
> > ipchains -A input -j DENY -p tcp -l -s 0.0.0.0/0 -i eth0 -d 192.168.1.4/32 53
> > ipchains -A input -j DENY -p udp -l -s 0.0.0.0/0 -i eth0 -d 192.168.1.4/32 53
> >
> > This is to deny access to anyone on eth0 (the internet) to my name server but allow it from 192.168.1.4. Now the problem is that it ignores the rule. Everyone can still access the nameserver. Did I screw the rule up, or am I on cheap drugs?
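Two things in this thread decide whether a DENY rule ever fires: where it sits in the chain (Rogier's point about -A versus -I, since ipchains stops at the first matching rule) and whether its selectors match the packets that actually arrive (Scott's working rule used -d 0/0 rather than -d 192.168.1.4/32). The following is an added illustration, not code from the thread or from ipchains itself: a small Python model of first-match chain evaluation. The earlier ACCEPT rule for port 53, the internet client 203.0.113.9 and the public address 198.51.100.7 on eth0 are constructed assumptions; only 192.168.1.4 comes from the thread.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp" or "udp"
    src: str     # source address
    dst: str     # destination address
    dport: int   # destination port
    iface: str   # interface the packet arrived on


@dataclass(frozen=True)
class Rule:
    target: str                   # -j: ACCEPT, DENY or REJECT
    proto: str = "all"            # -p
    src: str = "0.0.0.0/0"        # -s
    dst: str = "0.0.0.0/0"        # -d
    dport: Optional[int] = None   # port given after -d
    iface: Optional[str] = None   # -i

    def matches(self, pkt: Packet) -> bool:
        """Every selector that was given must match; omitted ones match anything."""
        if self.proto != "all" and self.proto != pkt.proto:
            return False
        if self.iface is not None and self.iface != pkt.iface:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        return ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)


class Chain:
    """The first matching rule decides; if none matches, the chain policy applies."""

    def __init__(self, policy: str = "ACCEPT"):
        self.rules: List[Rule] = []
        self.policy = policy

    def append(self, rule: Rule) -> None:          # ipchains -A: bottom of the chain
        self.rules.append(rule)

    def insert(self, rule: Rule, pos: int = 1) -> None:   # ipchains -I: top of the chain
        self.rules.insert(pos - 1, rule)

    def verdict(self, pkt: Packet) -> str:
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.target
        return self.policy


# Scott's DENY rule, plus a hypothetical earlier rule that already accepts DNS
# (assumption: a rule like this is what leaves an appended DENY unreachable).
DENY_DNS_ETH0 = Rule("DENY", proto="tcp", iface="eth0", dst="192.168.1.4/32", dport=53)
ACCEPT_DNS_ANY = Rule("ACCEPT", proto="tcp", dport=53)

# Constructed sample packets: 203.0.113.9 (internet client) and 198.51.100.7
# (a public address on eth0) are documentation-range placeholders, not from the thread.
FROM_INTERNET = Packet("tcp", "203.0.113.9", "192.168.1.4", 53, "eth0")
FROM_LAN = Packet("tcp", "192.168.1.20", "192.168.1.4", 53, "eth1")
TO_PUBLIC_ADDR = Packet("tcp", "203.0.113.9", "198.51.100.7", 53, "eth0")


def verdict_appended() -> str:
    """-A leaves the DENY below the ACCEPT, so the ACCEPT wins."""
    chain = Chain()
    chain.append(ACCEPT_DNS_ANY)
    chain.append(DENY_DNS_ETH0)
    return chain.verdict(FROM_INTERNET)


def verdict_inserted() -> str:
    """-I puts the DENY on top, so it is evaluated first."""
    chain = Chain()
    chain.append(ACCEPT_DNS_ANY)
    chain.insert(DENY_DNS_ETH0)
    return chain.verdict(FROM_INTERNET)


def verdict_lan_client() -> str:
    """The inserted rule is bound to eth0, so a LAN client arriving on eth1 is unaffected."""
    chain = Chain()
    chain.append(ACCEPT_DNS_ANY)
    chain.insert(DENY_DNS_ETH0)
    return chain.verdict(FROM_LAN)


def verdict_other_destination() -> str:
    """A DENY on -d 192.168.1.4 never sees packets addressed to a different address."""
    chain = Chain()
    chain.insert(DENY_DNS_ETH0)
    return chain.verdict(TO_PUBLIC_ADDR)


def verdict_any_destination() -> str:
    """-d 0/0, as in Scott's final rule, matches whatever address the packet carries."""
    chain = Chain()
    chain.insert(Rule("DENY", proto="tcp", iface="eth0", dport=53))
    return chain.verdict(TO_PUBLIC_ADDR)


if __name__ == "__main__":
    for fn in (verdict_appended, verdict_inserted, verdict_lan_client,
               verdict_other_destination, verdict_any_destination):
        print(f"{fn.__name__:26s} -> {fn()}")
```

The model deliberately keeps the -i eth0 selector: it is what lets a LAN client on another interface keep resolving names while the internet-facing interface is blocked, which is the behaviour Scott asked for. On a real system the same check is done by listing the chain with `ipchains -L input -n -v` and reading the rules in order, since the packet counters show which rule is actually absorbing the traffic.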