On Fri, 17 Jan 2003, Vasyl Kenyuk wrote:

> Hi!
> I'm using RedHat 7.3, and I would like to allow only www input/output traffic
> (no ftp, telnet, ssh, etc.). There is no reason to do that, but I want to
> learn more about firewalls. So I got the answer, I must make
>
> > # Default Policy I/O DROP
> > ipchains -P INPUT DENY
> > ipchains -P OUTPUT DENY
> >
> > # Rules
> > ipchains -A INPUT -i eth0 -p tcp -d my_ip --dport 80 -j ACCEPT
> > ipchains -A OUTPUT -i eth0 -p tcp -d my_ip --dport 80 -j ACCEPT
>
> So, but it does not work.
> Does anyone have an idea why? I'm using Apache as Web Server.
> Thanks, Vasyl

I think the output rule should be:

ipchains -A OUTPUT -i eth0 -p tcp -s my_ip --sport 80 -j ACCEPT

Since the packets going out from your Apache have source port 80, and you
can't (luckily) guess what the high port used by a client would be.

Why don't you use iptables? IMHO it is far more flexible and powerful.

Bye
Nicola Ragozzino

- ----------------------------------------------------------------------------------------------
`The true value of a human being can be found in the degree to which he has
attained liberation from the self`
- ----------------------------------------------------------------------------------------------
GPG/PGP keys available on key-servers
[RSA 2048] PGP Key fingerprint = 82 78 5A 58 8D E0 31 C9 B4 9D 92 04 0D F6 C1 82
[DSA 4096] GPG Key fingerprint = D5 84 BA F3 24 64 7E B6 97 D0 1A 3B F0 40 89 72 E2 CE 1F C5
- ----------------------------------------------------------------------------------------------

--
Psyche-list mailing list
Psyche-list@redhat.com
https://listman.redhat.com/mailman/listinfo/psyche-list
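To see concretely why the posted OUTPUT rule fails and the reply's version works, here is a small model of ipchains-style first-match filtering run over the two halves of one HTTP exchange. This is an added illustration, not code from the thread or from ipchains itself; the addresses MY_IP and CLIENT_IP, the ephemeral port, and the interface-less rule fields are constructed sample values. Apache's reply packet travels from my_ip port 80 to the client's high port, so a rule that matches on `-d my_ip --dport 80` never sees it on OUTPUT, while `-s my_ip --sport 80` does.

```python
"""Model of ipchains-style first-match filtering with a default policy.

Added example, not ipchains itself.  MY_IP, CLIENT_IP and CLIENT_PORT are
constructed sample values standing in for "my_ip" and a remote browser.
"""

from dataclasses import dataclass
from typing import List, Optional

MY_IP = "192.0.2.10"        # assumed address of the Apache box ("my_ip")
CLIENT_IP = "198.51.100.7"  # assumed remote browser
CLIENT_PORT = 34567         # assumed ephemeral port chosen by the client


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    """One ipchains rule; a field left as None matches anything."""
    target: str
    proto: Optional[str] = None
    src: Optional[str] = None
    sport: Optional[int] = None
    dst: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return all(want is None or want == have for want, have in (
            (self.proto, p.proto), (self.src, p.src), (self.sport, p.sport),
            (self.dst, p.dst), (self.dport, p.dport)))


def verdict(chain: List[Rule], policy: str, p: Packet) -> str:
    """First matching rule wins; otherwise the chain's default policy applies."""
    for rule in chain:
        if rule.matches(p):
            return rule.target
    return policy


# Chains as posted: ACCEPT TCP to my_ip:80 on both INPUT and OUTPUT.
INPUT_CHAIN = [Rule("ACCEPT", proto="tcp", dst=MY_IP, dport=80)]
OUTPUT_AS_POSTED = [Rule("ACCEPT", proto="tcp", dst=MY_IP, dport=80)]
# Corrected OUTPUT rule from the reply: source is my_ip, source port 80.
OUTPUT_FIXED = [Rule("ACCEPT", proto="tcp", src=MY_IP, sport=80)]

# The two halves of one HTTP exchange plus an unrelated ssh attempt
# (constructed sample packets).
REQUEST = Packet("tcp", CLIENT_IP, CLIENT_PORT, MY_IP, 80)
REPLY = Packet("tcp", MY_IP, 80, CLIENT_IP, CLIENT_PORT)
SSH_ATTEMPT = Packet("tcp", CLIENT_IP, 45000, MY_IP, 22)


def check_input(p: Packet) -> str:
    return verdict(INPUT_CHAIN, "DENY", p)


def check_output_as_posted(p: Packet) -> str:
    return verdict(OUTPUT_AS_POSTED, "DENY", p)


def check_output_fixed(p: Packet) -> str:
    return verdict(OUTPUT_FIXED, "DENY", p)


if __name__ == "__main__":
    print("INPUT  request            :", check_input(REQUEST))
    print("INPUT  ssh attempt        :", check_input(SSH_ATTEMPT))
    print("OUTPUT reply (as posted)  :", check_output_as_posted(REPLY))
    print("OUTPUT reply (fixed)      :", check_output_fixed(REPLY))
```

One caveat the model also makes visible: ipchains is stateless, so the corrected rule accepts any outbound TCP packet whose source port is 80, whatever its destination port, not only replies to connections that arrived on port 80. That is the kind of gap a connection-tracking filter such as iptables closes by matching on connection state rather than on port numbers alone.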