Michael Schwendt wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Fri, 07 Mar 2003 23:57:19 +0800, [EMAIL PROTECTED] wrote:
>
> > Now, I want to know how to allow users connect to some of ports ( services ) by
> > using ipchains and iptables ?
> > eg : allow user connect to ports : 80 ( http ), 53 ( DNS ) only...
>
> I would recommend you read a good tutorial/howto on
> ipchains/iptables or get some book on networking/firewalls. There
> are several ways on how to achieve what you want. And iptables is
> quite different (and more powerful) than ipchains. IMO, explaining
> the basics of ipchains/iptables or features like stateful filtering
> or connection tracking is beyond the scope of this mailing-list.
>
> What rules to add depends much on the purpose of your host. Should
> it be a server? Or a server and client at the same time?
>
> You might want to start with setting the default policy of the
> input chain to DROP:
>
>   iptables --policy INPUT DROP
>
> That would drop all (!) incoming traffic (including reply-packets!)
> unless you opened specific ports with adding ACCEPT rules to the
> INPUT chain (like you did in your set of rules). If the host should
> be able to connect to services on remote hosts, you would need to
> accept incoming reply-packets (reply-packets have the source/dest
> port swapped). With iptables, connection tracking would make that
> easy.
>
> For diagnostic purposes, you could temporarily reject incoming
> traffic at the beginning of the chain
>
>   iptables --insert INPUT --jump REJECT
>
> which would give you "connection refused" messages upon testing.
>
> However, all that would just be a small starting point.

So, are there any samples of ipchains and iptables posted here?
Thanks for your help!

-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
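
A sample of the approach described in the quoted reply, added here as an illustration and not written by either poster: a default-DROP INPUT chain, connection tracking to let reply packets back in, and ACCEPT rules for the listed ports only. It assumes the host is a server offering HTTP (80/tcp) and DNS (53/tcp and 53/udp) and is not a router; the function names are hypothetical, and the script only prints an iptables-restore ruleset without applying anything.

```shell
#!/bin/sh
# Added example, not from the original thread. Prints a ruleset in
# iptables-restore format; nothing is changed on the running system.

# valid_port PORT: succeed only for a decimal integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# build_ruleset "TCP PORTS" "UDP PORTS": space-separated port lists
build_ruleset() {
    tcp_ports=$1
    udp_ports=$2
    # Validate everything first so a bad entry never yields a partial ruleset.
    for p in $tcp_ports $udp_ports; do
        valid_port "$p" || { echo "invalid port: $p" >&2; return 1; }
    done
    echo '*filter'
    echo ':INPUT DROP [0:0]'      # default policy: drop all incoming traffic
    echo ':FORWARD DROP [0:0]'    # assumption: this host does not route
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    # Connection tracking: accept replies to connections this host opened.
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for p in $tcp_ports; do
        echo "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    for p in $udp_ports; do
        echo "-A INPUT -p udp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo 'COMMIT'
}

# Sample run: HTTP plus DNS over both TCP and UDP.
build_ruleset "80 53" "53"
```

To load the result, pipe the output to iptables-restore as root after reviewing it, ideally from a console session so a mistake cannot lock you out of a remote login.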