On Sunday 29 February 2004 3:40 pm, Sasa Stupar wrote:

> The thing is that it worked but it was not what I had expected. Here is my
> ruleset:
> -----------------
> # Generated by webmin
> *filter
>
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> :INPUT DROP [0:0]

So, you have a default DROP policy on INPUT - good.

> # Loopback
> -A OUTPUT -o lo -j ACCEPT
> # Allow self access by loopback interface
> -A INPUT -i lo -j ACCEPT
> # Master
> -A INPUT -m mac -s a.b.c.d --mac aa:bb:cc:dd:ee:ff -j ACCEPT

That rule will accept all connections from one IP address with the correct MAC address.

> # Accept established connections
> -A INPUT -m state -i eth0 --state ESTABLISHED,RELATED -j ACCEPT

That will allow reply packets to all your outbound connections.

> -A INPUT -p tcp -m tcp ! --tcp-option 2 -j REJECT --reject-with tcp-reset

Reject any TCP packets not already matched which don't have TCP option 2 set.

> # FTP
> -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT

Accept FTP connections (from anywhere).

> # Telnet
> -A INPUT -p tcp -m tcp --dport 23 -j ACCEPT

Accept telnet (yuk) connections from anywhere.

> # SMTP
> -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT

Accept smtp connections from anywhere...

I have skipped the rest of your rules, which look pretty similar to the last three above, but for different services. They all look sensible to me.

So, what is the problem you are experiencing? What is happening which you don't want, or what is not happening which you do want?

Regards,

Antony.

-- 
What makes you think I know what I'm talking about?
I just have more O'Reilly books than most people.

Please reply to the list;
please don't CC me.
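The rule-by-rule reading above (default policy, who the rule is restricted to, which ports end up reachable from anywhere) can be automated over an iptables-save dump. This is an added example, not code from the thread; the ruleset it parses is a constructed copy of the quoted one with placeholder address and MAC, and `audit_input_chain` is a hypothetical helper name.

```python
import shlex

# Constructed sample in iptables-save format, modelled on the ruleset quoted
# in the thread (address and MAC are placeholders, not from the mail).
SAMPLE_RULESET = """\
*filter
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:INPUT DROP [0:0]
-A OUTPUT -o lo -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m mac -s 192.0.2.10 --mac-source aa:bb:cc:dd:ee:ff -j ACCEPT
-A INPUT -m state -i eth0 --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp ! --tcp-option 2 -j REJECT --reject-with tcp-reset
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 23 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
COMMIT
"""

# Options whose following token we record; '-s' and '-i' restrict who can hit the rule.
OPTS = {"-j": "target", "-p": "proto", "--dport": "dport", "-s": "source", "-i": "iface"}

def parse_rule(line):
    """Turn one '-A CHAIN ...' line into a dict of the options we care about."""
    tokens = shlex.split(line)
    rule = {"chain": tokens[1]}
    for i, tok in enumerate(tokens[:-1]):
        if tok in OPTS:
            negated = i > 0 and tokens[i - 1] == "!"
            # A negated '-s' or '-i' ("! -s 10.0.0.1") is not a meaningful restriction.
            rule[OPTS[tok]] = None if negated and tok in ("-s", "-i") else tokens[i + 1]
    return rule

def audit_input_chain(ruleset):
    """Return the INPUT default policy and the (proto, port) pairs that INPUT
    ACCEPTs with no source or interface restriction, i.e. open to anywhere.
    Earlier REJECT/DROP rules that could shadow a later ACCEPT are not modelled."""
    result = {"policy": None, "open_ports": []}
    for line in ruleset.splitlines():
        if line.startswith(":INPUT "):
            result["policy"] = line.split()[1]
        elif line.startswith("-A INPUT "):
            r = parse_rule(line)
            if (r.get("target") == "ACCEPT" and r.get("dport")
                    and not r.get("source") and not r.get("iface")):
                result["open_ports"].append((r.get("proto"), r["dport"]))
    return result

if __name__ == "__main__":
    report = audit_input_chain(SAMPLE_RULESET)
    print(f"INPUT policy: {report['policy']}")
    for proto, port in report["open_ports"]:
        print(f"INPUT accepts {proto}/{port} from anywhere")
```

Feed it the output of `iptables-save` to get the same summary for a live host: the MAC-restricted and loopback rules are left out because they carry `-s` or `-i`, while the FTP, telnet and SMTP rules are listed as reachable from any source.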