Thanks, I'll give it a shot as soon as I get back to that particular machine.

On Thursday 19 August 2004 15:55, Danny Sauer wrote:
#!/bin/sh
IPTABLES="/usr/sbin/iptables"

# all output OK
$IPTABLES -F OUTPUT
$IPTABLES -P OUTPUT ACCEPT

# all forward bad
# (-P takes the target directly, without -j, and a chain policy can only be
# ACCEPT or DROP, so the REJECT is done by a catch-all rule)
$IPTABLES -F FORWARD
$IPTABLES -P FORWARD DROP
$IPTABLES -A FORWARD -j REJECT

# most input bad, except for a few ports
$IPTABLES -F INPUT
$IPTABLES -P INPUT DROP
$IPTABLES -A INPUT -i lo -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 22 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 139 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 445 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 1000 -j ACCEPT
$IPTABLES -A INPUT -j DROP # yes, this is redundant.

--Danny

-- 
Kind regards
Hans du Plooy
Newington Consulting Services
hansdp at newingtoncs dot co dot za