Port blocking with Ipchains


Linux
01-21-2001, 10:30 PM
I blocked some ports with ipchains, like 515 for printing, but since I have Samba installed I cannot print from Windows (yes, you still might want to use Windows for something). My question is: how would you block port 515 so that it is still available to my home network IPs 10.0.0.x, 10.0.0.x and my 24.xxx.xxx.xxx (out to the net)? Basically eth0, eth1 and the NIC that is in Windows.

ThanX

Craig McPherson
01-22-2001, 12:49 AM
ipchains -A INPUT -i eth0 --destination-port 515 -j DENY

JAdrock
01-22-2001, 11:51 AM
I might be mistaken, but...

when I've tried specifying a port with ipchains, it's always said "wait...hang on...tell me which protocol!"

obviously not in those words *har har*, but with what Craig said, if ipchains does ask for a protocol I think you have to add

ipchains -A INPUT -i eth0 -p tcp --destination-port 515 -j DENY

or something of the sort; I'm an ipchains/iptables newbie myself.

The_Stack
01-23-2001, 06:51 PM
man ipchains, read the IPCHAINS-HOWTO, and make sure you TEST your configuration before you put it into production. Here is a simple ipchains configuration that you can use for testing. Be aware that it is not a complete ipchains configuration and therefore should be considered insecure.

#!/bin/sh

#your network interfaces
INSIDE0=eth0
INSIDE1=eth1
OUTSIDE=eth2

#internal network and gateway
NET0=10.0.1.0/24
GW0=10.0.1.1/32

#internal network and gateway
NET1=10.0.2.0/24
GW1=10.0.2.1/32

#your Internet ip address
IP=24.1.1.22/32

#your Internet gateway address
GW=24.1.1.1/32

ANY=0.0.0.0/0

#reject any connections to the firewall's port 515
#(ipchains only accepts a port once a protocol is given with -p;
# -l logs each matching packet)
ipchains -A INPUT -i $OUTSIDE -p tcp -s $ANY -d $IP 515 -l -j REJECT
ipchains -A INPUT -i $INSIDE0 -p tcp -s $NET0 -d $GW0 515 -l -j REJECT
ipchains -A INPUT -i $INSIDE1 -p tcp -s $NET1 -d $GW1 515 -l -j REJECT

#forward to/from internal networks
ipchains -A FORWARD -i $INSIDE0 -p tcp -s $NET0 -d $NET1 515 -j ACCEPT
ipchains -A FORWARD -i $INSIDE1 -p tcp -s $NET1 -d $NET0 515 -j ACCEPT

#deny any connections to external machines' port 515
ipchains -A FORWARD -p tcp -s $NET0 -d $ANY 515 -l -j DENY
ipchains -A FORWARD -p tcp -s $NET1 -d $ANY 515 -l -j DENY

#prevent any de-masqueraded port 515 IP connections to internal machines
ipchains -A OUTPUT -p tcp -s $ANY -d $NET0 515 -l -j DENY
ipchains -A OUTPUT -p tcp -s $ANY -d $NET1 515 -l -j DENY
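As an added example that is not part of the thread, here is a small script that does what the original question asks: it lets the two home networks reach lpd (port 515) on the firewall while logging and denying everything that arrives on the Internet-facing interface. Interface names and network ranges are assumed placeholders; with DRY_RUN=1 (the default) the script prints the ipchains commands instead of running them, so you can review the rule order before loading it.

```shell
#!/bin/sh
# Added example, not from the original posts. Placeholders below are
# assumptions; adjust them to your own interfaces and networks.

DRY_RUN=${DRY_RUN:-1}

INSIDE0=eth0            # first internal NIC (assumed)
INSIDE1=eth1            # second internal NIC (assumed)
OUTSIDE=eth2            # Internet-facing NIC (assumed)
NET0=10.0.0.0/24        # home network behind eth0 (assumed)
NET1=10.0.1.0/24        # home network behind eth1 (assumed)
ANY=0.0.0.0/0

# run: execute an ipchains command, or print it when DRY_RUN=1
run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "ipchains $*"
    else
        ipchains "$@"
    fi
}

# lpd_rules: emit the port 515 rules in evaluation order. ipchains stops
# at the first matching rule, so the LAN ACCEPT rules must come before
# the catch-all DENY. A port is only accepted together with -p tcp.
lpd_rules() {
    # LAN hosts may reach lpd on any of the firewall's addresses,
    # so printing through Samba keeps working.
    run -A INPUT -i "$INSIDE0" -p tcp -s "$NET0" -d "$ANY" 515 -j ACCEPT
    run -A INPUT -i "$INSIDE1" -p tcp -s "$NET1" -d "$ANY" 515 -j ACCEPT
    # Anything aimed at port 515 from the outside is logged and dropped.
    run -A INPUT -i "$OUTSIDE" -p tcp -s "$ANY" -d "$ANY" 515 -l -j DENY
}

# count_rules: number of rules lpd_rules produces (sanity check)
count_rules() {
    lpd_rules | wc -l | tr -d ' '
}

lpd_rules
```

After loading for real (DRY_RUN=0), confirm the order with `ipchains -L INPUT -n` and test from both a LAN host and, if possible, from outside.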