ipchains configuration
I.Ioannou
roryt at hol.gr
Wed Jul 26 15:47:36 EEST 2000
"Socrates T. Kolokithas" wrote:
> 1. einai dhnaton me to ipchains na ftiaxoume kapioy eidoys access list gia
> tous xrhstes tou eswterikou dyktiou, dhladh kapia site kai ports pou den tha
> tous epitrepete na exoun access se auta ??
Fysika. Estw oti exeis linux firewall kai ayto kanei masquarade sto
ypoloipo diktio.
Bazeis toy kanones sto forwarding prin apo tous kanones (h tin politiki)
pou
sou kanei masquarade px
#default politi deny
ipchains -P forward DENY
# Kopsimo gia olous
ipchains -I forward 1 -p tcp -s xxx.xxx.xxx.xxx/yyy -d www.spammer.com
-j REJECT
# Kopsimo tou agapimenou site enos sigkekrimenou IP (tou 10)
ipchains -A forward -p tcp -s xxx.xxx.xxx.10 -d www.sexshop.com -j
REJECT
# ola ta alla free
ipchains -A forward -s xxx.xxx.xxx.xxx/yyy -d 0.0.0.0/0 -j MASQ
opou xxx.xxx.xxx.xxx/yyy to eswteriko diktio sou (px 192.168.0.0/24)
Ypopsi ayto doyleuei an "bgainoun" internet me forwarding, oxi mesw
proxy.
H akomi kai poio genika. Estw oti theleis na eksafaniseis apo
olo to diktio sou (akomi kai apo to firewall) ena site.
Fiakse kanones input :
ipchains -I input 1 -p tcp -s xxx.xxx.xxx.xxx/yyy -d 207.46.131.0/24
ipchains -A input -p tcp -s xxx.xxx.xxx.xxx/yyy -d 207.46.130.0/24
(ayto oi teleytaioi kanones einai must :-)) )
Ola ayta (kai alla polla) tha ta breis sta HOWTO,
px IPCHAINS-HOWTO, Firewall-HOWTO
I.Ioannou <roryt at hol.gr>
--
linux-greek-users mailing list -- http://lists.hellug.gr
More information about the Linux-greek-users
mailing list