firewall woes

I am currently searching the archives and Google; if there is a solution
posted I must be overlooking it. My current situation is that I have some AOL
and CompuServe customers. The moment I enable the firewall they are unable
to connect. My question is: what do I need to enable to allow AOL and CS
customers to reach me through my firewall? Here is the firewall. I
commented out some of the lines until I can figure out how to help our
clients connect to us.

#!/bin/bash
#
# This is a sample firewall for ip_tables, the tool for doing firewalling
# and masquerading under the 2.3.x/2.4.x series of kernels.
#
# Be warned, this is a very restrictive set of firewall rules (and they
# should be, for proper security). Anything that you do not _specifically_
# allow is logged and dropped into /dev/null, so if you're wondering why
# something isn't working, check /var/log/messages.
#
# This is about as close as you get to a 'secure' firewall. It's nasty,
# it's harsh, and it will make your machine nearly invisible to the rest
# of the internet world. Have fun.
#
# To run this script you must 'chmod 700 iptables-script' and then execute
# it. To stop it from running, run 'iptables -F'

#Point this to your copy of ip_tables
IPT="/usr/local/sbin/iptables"

#Load the module.
/sbin/modprobe ip_tables

#Flush old rules, delete the firewall chain if it exists
#(-F with no chain flushes every chain in the filter table, so the
# user-defined chain is empty by the time -X tries to delete it).
$IPT -F
$IPT -F -t nat
$IPT -X firewall

# Drop all packets from spammers

#% [whois.apnic.net node-2]
#% How to use this server        http://www.apnic.net/db/
#% Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html
#
#inetnum:      202.148.160.0 - 202.148.175.255
# Note: the range above is 202.148.160.0/20; the /24 below only covers
# 202.148.160.0-202.148.160.255.
# $IPT -A INPUT -s 202.148.160.0/24 -j DROP

# ENGLISH
#
#KRNIC is not ISP but National Internet Registry similar with APNIC.
#Please see the following end-user contacts for IP address information.
#
#IP Address         : 211.222.66.128-211.222.66.255
#Network Name       : KORNET-LLINE-NAMINCHON-LNISOFT
#Connect ISP Name   : KORNET
#Connect Date       : 20001201
#Registration Date  : 20020703
# Note: the range above is 211.222.66.128/25; the /24 below also drops
# 211.222.66.0-211.222.66.127, which belongs to someone else.
#$IPT -A INPUT -s 211.222.66.0/24 -j DROP

#$IPT -A INPUT -s 67.30.5.196/32 -j DROP

#Setup Masquerading. Change the IP to your internal network and uncomment
#this in order to enable it.
#$IPT -A POSTROUTING -t nat -s 192.168.1.0/24 -j MASQUERADE
#$IPT -P FORWARD ACCEPT
#echo 1 > /proc/sys/net/ipv4/ip_forward

#Set up the firewall chain
$IPT -N firewall
$IPT -A firewall -j LOG --log-level info --log-prefix "Firewall:"
# With the DROP below commented out, a packet sent to this chain is only
# logged; it then returns to INPUT, where the default policy applies.
# This script never sets the INPUT policy, so it stays at ACCEPT and the
# packet gets through. Uncomment the DROP to make the chain actually block.
#$IPT -A firewall -j DROP


#Accept ourselves
$IPT -A INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -j ACCEPT
#If you're using IP Masquerading, change this IP to whatever your internal
#IP address is and uncomment it
#$IPT -A INPUT -s 192.168.1.1/32 -d 0/0 -j ACCEPT

# Source-based blocks. These have to come before the per-port ACCEPT rules
# below: iptables stops at the first matching rule, so a DROP placed after
# "--destination-port 80 -j ACCEPT" never sees a scanner's packets to port
# 80 (or 22, 25, 110, 443, 2082, 2087) and only catches what those rules
# had not already accepted.

# drop for scanning our network

$IPT -A INPUT -s 217.133.0.0/16 -j DROP

# multiple ftps for no apparent reason. Looking for weakness?

$IPT -A INPUT -s 80.13.0.0/16 -j DROP

#Accept DNS, 'cause it's warm and friendly
# Caveat: this matches on source port only, so any remote host can reach
# any UDP port on this machine by sending from port 53. The same goes for
# the source-port 113 and source-port 20 rules below.
#$IPT -A INPUT -p udp --source-port 53 -j ACCEPT
#$IPT -A INPUT -p tcp --source-port 113 -j ACCEPT
#$IPT -A INPUT -p tcp --destination-port 113 -j ACCEPT

#Allow ftp to send data back and forth.
#$IPT -A INPUT -p tcp ! --syn --source-port 20 --destination-port 1024:65535 -j ACCEPT
# Allow ftp

#$IPT -A INPUT -p tcp --destination-port 21  -j ACCEPT

#Accept SSH. Duh.
$IPT -A INPUT -p tcp --destination-port 22  -j ACCEPT

#accept http
$IPT -A INPUT -p tcp --destination-port 80  -j ACCEPT

#Allow smtp
$IPT -A INPUT -p tcp --destination-port 25  -j ACCEPT

#Allow pop3

$IPT -A INPUT -p tcp --destination-port 110  -j ACCEPT

# allow ssl

$IPT -A INPUT -p tcp --destination-port 443  -j ACCEPT

# allow cpanel

$IPT -A INPUT -p tcp --destination-port 2082  -j ACCEPT

# allow WHM

$IPT -A INPUT -p tcp --destination-port 2087  -j ACCEPT

# allow Cpanel webmail

#$IPT -A INPUT -p tcp --destination-port 2095  -j ACCEPT

#Send everything else to the firewall.
# Caveat: once the chain's DROP is enabled, the ICMP rule also discards
# ICMP type 3 code 4 (fragmentation-needed). Without it, path MTU discovery
# fails for clients behind links with a smaller MTU, and large replies to
# them never arrive. Accept at least that ICMP type before this line.
# Note also that only TCP SYN packets are sent to the chain; non-SYN TCP
# that no rule above matches falls through to the INPUT policy.
$IPT -A INPUT -p icmp -j firewall
$IPT -A INPUT -p tcp --syn -j firewall
$IPT -A INPUT -p udp -j firewall
-- 
Jerry M. Howell II
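The ruleset in the post above filters statelessly (only SYNs go to the firewall chain, replies rely on source-port rules) and leaves the INPUT policy at ACCEPT. The following is an added example, not the poster's script or anything from the netfilter project: the same service list rebuilt on connection tracking, with a default-DROP policy, the scanner blocks placed ahead of the service rules, the ICMP that path MTU discovery needs kept, and a dry-run mode. The iptables path in `IPT`, the port list and the blocked ranges are taken from the post as assumptions; set `IPT=echo` to print the rules instead of loading them.

```shell
#!/bin/bash
# Added example (not the original poster's script). Stateful rewrite of the
# ruleset above. IPT defaults to an assumed path; IPT=echo gives a dry run.
IPT="${IPT:-/sbin/iptables}"

# Public TCP services as listed in the original script (assumed still wanted).
TCP_SERVICES="22 25 80 110 443 2082 2087"

# Source ranges the original script drops (the poster's own choices, kept as-is).
BLOCKED_NETS="217.133.0.0/16 80.13.0.0/16"

apply_rules() {
    # Policies go to DROP before the flush, so there is no window during
    # the rebuild in which the host accepts everything.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
    $IPT -F
    $IPT -F -t nat
    $IPT -X firewall 2>/dev/null
    $IPT -N firewall

    # Catch-all chain: rate-limited logging so a scan cannot fill the disk,
    # then an unconditional DROP (the original left this commented out).
    $IPT -A firewall -m limit --limit 5/min --limit-burst 10 \
         -j LOG --log-level info --log-prefix "Firewall: "
    $IPT -A firewall -j DROP

    # Loopback by interface rather than by address.
    $IPT -A INPUT -i lo -j ACCEPT

    # Replies to connections this host opened (DNS answers, FTP data, ICMP
    # errors about tracked flows) are accepted by state, so there is no
    # "anything from source port 53" rule to abuse.
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -m conntrack --ctstate INVALID -j DROP

    # Blocklists before the service ACCEPTs, or they never match the ports
    # that matter.
    for net in $BLOCKED_NETS; do
        $IPT -A INPUT -s "$net" -j DROP
    done

    # ICMP the stack needs: fragmentation-needed keeps path MTU discovery
    # working for clients on low-MTU links even when no conntrack entry
    # exists for the flow any more; echo requests are rate-limited.
    $IPT -A INPUT -p icmp --icmp-type fragmentation-needed -j ACCEPT
    $IPT -A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT
    $IPT -A INPUT -p icmp --icmp-type echo-request \
         -m limit --limit 10/sec -j ACCEPT

    # New connections to the published services only.
    for port in $TCP_SERVICES; do
        $IPT -A INPUT -p tcp --syn -m conntrack --ctstate NEW \
             --dport "$port" -j ACCEPT
    done

    # Everything else is logged and dropped.
    $IPT -A INPUT -j firewall
}

# "./script apply" loads the rules; "IPT=echo ./script apply" previews them.
if [ "${1:-}" = "apply" ]; then
    apply_rules
fi
```

Preview with `IPT=echo ./script apply` and check the order: the two `-s ... -j DROP` lines must print before the first `--dport ... -j ACCEPT` line, and the last line must be the jump to the `firewall` chain. Because the INPUT policy is DROP, anything the chain misses is still discarded, only without a log line.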

