Date: Sun, 10 Oct 1999 23:50:05 -0700 (PDT)
From: Jeffrey John Kyllo
To: UW Linux Group
Subject: Re: ipchains and firewalling

Well, I didn't personally, but it is that way, yes. I'd like to jump to
the other chains so that any specific rules (ip's, devices and the like)
will go into each chain. I'm currently starting over and trying just an
icmp chain. It works but I haven't had the time to continue on with the
other protocols. Thanks for the ideas.

-Jeff .K

On Sun, 10 Oct 1999, Christopher Twigg wrote:

> Did you do the whole "echo 1 > /proc/sys/net/ipv4/ip_forward" thing yet?
> Also, you might try simplifying the whole thing by giving a target of
> "ACCEPT" in the input table rather than sending it to another chain. Just
> tag a "-j ACCEPT" to the end...
>
> Christopher Twigg
> cdtwigg@u.washington.edu
>
> On Sat, 9 Oct 1999, Jeffrey John Kyllo wrote:
>
> > Is anyone familiar with using ipchains? I hope so because I'm stumped.
> > I'll append the rules that I have to the end of this e-mail if someone
> > might want to help. Basically, with the rules set and everything, it
> > seems that all packets are being rejected. I'm trying to get it to work
> > so that all packets except for given services (ssh, www, dns, maybe ftp)
> > are rejected. Anyway, thanks for any help.
> >
> > -Jeff K.
> >
> > Chain input (policy REJECT):
> > target     prot opt     source       destination  ports
> > icmp       icmp ------  anywhere     anywhere     any -> any
> > www        udp  ------  anywhere     anywhere     any -> www
> > www        tcp  ------  anywhere     anywhere     any -> www
> > dns        udp  ------  anywhere     anywhere     any -> domain
> > dns        tcp  ------  anywhere     anywhere     any -> domain
> > dns        tcp  ------  anywhere     anywhere     any -> nameserver
> > ssh        tcp  ------  anywhere     anywhere     any -> ssh
> > ssh        udp  ------  anywhere     anywhere     any -> ssh
> > ftp        tcp  ------  anywhere     anywhere     any -> ftp-data
> > ftp        tcp  ------  anywhere     anywhere     any -> ftp
> > Chain forward (policy ACCEPT):
> > Chain output (policy ACCEPT):
> > Chain ftp (1 references):
> > target     prot opt     source       destination  ports
> > ACCEPT     all  ------  anywhere     anywhere     n/a
> > Chain ssh (2 references):
> > target     prot opt     source       destination  ports
> > ACCEPT     all  ------  anywhere     anywhere     n/a
> > Chain icmp (1 references):
> > target     prot opt     source       destination  ports
> > ACCEPT     all  ------  anywhere     anywhere     n/a
> > Chain dns (3 references):
> > target     prot opt     source       destination  ports
> > ACCEPT     all  ------  anywhere     anywhere     n/a
> > Chain www (2 references):
> > target     prot opt     source       destination  ports
> > ACCEPT     all  ------  anywhere     anywhere     n/a
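
An added example, not part of the original thread and not the posters' code: a small Python model of the input chain from the listing quoted above, showing which inbound packets it accepts and which fall through to the REJECT policy. The port numbers are the usual /etc/services values for the listed service names, and the sample packets are constructed.

```python
# Added example: a constructed model of the quoted `ipchains -L` listing.
# Port numbers are the standard /etc/services values for the listed names.
PORTS = {"www": 80, "domain": 53, "nameserver": 42, "ssh": 22,
         "ftp-data": 20, "ftp": 21}
# User-defined chains from the listing: each holds one ACCEPT-all rule.
USER_CHAINS = {name: [("all", None, "ACCEPT")]
               for name in ("icmp", "www", "dns", "ssh", "ftp")}
# Input chain as (protocol, destination port name or None, target).
INPUT_RULES = [
    ("icmp", None, "icmp"),
    ("udp", "www", "www"), ("tcp", "www", "www"),
    ("udp", "domain", "dns"), ("tcp", "domain", "dns"),
    ("tcp", "nameserver", "dns"),
    ("tcp", "ssh", "ssh"), ("udp", "ssh", "ssh"),
    ("tcp", "ftp-data", "ftp"), ("tcp", "ftp", "ftp"),
]
INPUT_POLICY = "REJECT"

def matches(rule, proto, dport):
    rule_proto, rule_port, _ = rule
    if rule_proto not in ("all", proto):
        return False
    return rule_port is None or PORTS[rule_port] == dport

def walk(rules, proto, dport):
    """Verdict of the first matching rule, or None if nothing matches."""
    for rule in rules:
        if not matches(rule, proto, dport):
            continue
        target = rule[2]
        if target not in USER_CHAINS:
            return target
        verdict = walk(USER_CHAINS[target], proto, dport)
        if verdict is not None:
            return verdict  # otherwise resume the calling chain
    return None

def input_verdict(proto, sport, dport):
    """Verdict for an inbound packet. sport is unused: no listed rule
    matches on source port and ipchains keeps no connection state."""
    return walk(INPUT_RULES, proto, dport) or INPUT_POLICY

# Constructed sample packets: (description, proto, source port, dest port).
SAMPLES = [("inbound ssh connection", "tcp", 40000, 22),
           ("reply from a remote web server", "tcp", 80, 40001),
           ("reply from a remote DNS server", "udp", 53, 40002),
           ("ping", "icmp", None, None)]
if __name__ == "__main__":
    for desc, proto, sport, dport in SAMPLES:
        print(f"{desc:32} {input_verdict(proto, sport, dport)}")
```

In this model, connections to the listed services are accepted, while reply packets for connections the host itself opened arrive on a high destination port, match no rule, and take the REJECT policy.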