zeist wrote:
On Fri, 17 Jan 2003, Vasyl Kenyuk wrote:
Hi!
I'm using RedHat 7.3, and I would like to allow only www input/output traffic
(no ftp, telnet, ssh, etc.). There is no reason to do that, but I want to
learn more about firewalls. So I got the answer that I must do:
# Default Policy I/O DROP
ipchains -P INPUT DENY
ipchains -P OUTPUT DENY
# Rules
ipchains -A INPUT -i eth0 -p tcp -d my_ip --dport 80 -j ACCEPT
ipchains -A OUTPUT -i eth0 -p tcp -d my_ip --dport 80 -j ACCEPT
But it does not work.
Does anyone have an idea why? I'm using Apache as Web Server.
Thanks, Vasyl
I think the output rules should be:
ipchains -A OUTPUT -i eth0 -p tcp -s my_ip --sport 80 -j ACCEPT
Since the packets going out from your Apache have source port 80, and you
can't (luckily) guess which high port a client will use.
Why don't you use iptables? IMHO it is far more flexible and powerful.
Bye
Nicola Ragozzino
----------------------------------------------------------------------------------------------
`The true value of a human being can be found in the degree to which he has attained
liberation from the self`
----------------------------------------------------------------------------------------------
GPG/PGP keys available on key-servers
[RSA 2048] PGP Key fingerprint = 82 78 5A 58 8D E0 31 C9 B4 9D 92 04 0D F6 C1 82
[DSA 4096] GPG Key fingerprint = D5 84 BA F3 24 64 7E B6 97 D0 1A 3B F0 40 89 72 E2 CE 1F C5
----------------------------------------------------------------------------------------------
When I use iptables, the --dport argument doesn't work. Would anyone know why?
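The point in the reply above is that ipchains is stateless: each packet is matched on its own, so the reply Apache sends back has source port 80 and the client's ephemeral port as destination, and an OUTPUT rule that insists on --dport 80 never sees it. The script below is an added example written for this page, not code posted by anyone in the thread. It evaluates a small rule table the way the kernel walks a chain (first match wins, otherwise the chain policy), runs both halves of one HTTP connection through the rules as originally posted and through the corrected set, and then emits the equivalent real ipchains and iptables command lines. The addresses (192.0.2.10 for my_ip, 198.51.100.7 for the client) and the client port 43210 are constructed, and the helper names are invented for the example. Two iptables differences matter for the last question in the thread: the outbound interface is selected with -o, not -i, and --dport/--sport are options of the tcp/udp protocol match, so they are only accepted after -p tcp (or -p udp) appears earlier on the same command line.

```shell
#!/bin/sh
# Added example (not from the thread): a stateless chain evaluator that shows
# why "OUTPUT ... -d my_ip --dport 80" never matches Apache's replies.
# Addresses and ports are constructed (RFC 5737 documentation ranges).

SERVER_IP=192.0.2.10    # hypothetical web server, stands in for my_ip
CLIENT_IP=198.51.100.7  # hypothetical browser client
CLIENT_PORT=43210       # constructed ephemeral port chosen by the client

# Rule table, one rule per line: CHAIN PROTO SRC SPORT DST DPORT TARGET
# ("any" is a wildcard).  Both chains use a DENY policy, as in the post.

# The rules as originally posted: OUTPUT also matches on DESTINATION port 80.
ORIGINAL_RULES="INPUT tcp any any $SERVER_IP 80 ACCEPT
OUTPUT tcp any any $SERVER_IP 80 ACCEPT"

# The corrected set from the reply: OUTPUT matches the server's SOURCE port 80.
CORRECTED_RULES="INPUT tcp any any $SERVER_IP 80 ACCEPT
OUTPUT tcp $SERVER_IP 80 any any ACCEPT"

# field_matches RULE_FIELD PACKET_FIELD: wildcard or exact match.
field_matches() { [ "$1" = any ] || [ "$1" = "$2" ]; }

# verdict RULES CHAIN PROTO SRC SPORT DST DPORT
# Walks the chain top to bottom; the first matching rule decides, and the
# chain policy (DENY) applies when nothing matched.
verdict() {
  rules=$1; chain=$2; proto=$3; src=$4; sport=$5; dst=$6; dport=$7
  hit=$(printf '%s\n' "$rules" | while read -r rc rp rs rsp rd rdp rt; do
    [ "$rc" = "$chain" ] || continue
    [ "$rp" = "$proto" ] || continue
    field_matches "$rs"  "$src"   || continue
    field_matches "$rsp" "$sport" || continue
    field_matches "$rd"  "$dst"   || continue
    field_matches "$rdp" "$dport" || continue
    echo "$rt"
    break
  done)
  echo "${hit:-DENY}"
}

# http_exchange RULES: the client's request (INPUT) and Apache's reply
# (OUTPUT) for one connection; prints "REQUEST_VERDICT/REPLY_VERDICT".
http_exchange() {
  req=$(verdict "$1" INPUT  tcp "$CLIENT_IP" "$CLIENT_PORT" "$SERVER_IP" 80)
  rep=$(verdict "$1" OUTPUT tcp "$SERVER_IP" 80 "$CLIENT_IP" "$CLIENT_PORT")
  echo "$req/$rep"
}

# The corrected policy as real commands.  ipchains uses -i for both chains.
ipchains_rules() {
  cat <<EOF
ipchains -P INPUT DENY
ipchains -P OUTPUT DENY
ipchains -A INPUT -i eth0 -p tcp -d $SERVER_IP --dport 80 -j ACCEPT
ipchains -A OUTPUT -i eth0 -p tcp -s $SERVER_IP --sport 80 -j ACCEPT
EOF
}

# iptables: -o names the outbound interface, and --dport/--sport are only
# understood after -p tcp has selected the tcp match on the same line.
iptables_rules() {
  cat <<EOF
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -A INPUT -i eth0 -p tcp -d $SERVER_IP --dport 80 -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp -s $SERVER_IP --sport 80 -j ACCEPT
EOF
}

main() {
  echo "original rules : request/reply = $(http_exchange "$ORIGINAL_RULES")"
  echo "corrected rules: request/reply = $(http_exchange "$CORRECTED_RULES")"
  echo "ssh probe (corrected): $(verdict "$CORRECTED_RULES" INPUT tcp "$CLIENT_IP" 43211 "$SERVER_IP" 22)"
  echo; ipchains_rules; echo; iptables_rules
}
main
```

With the original rules the request is accepted but the reply is denied, so the browser hangs; with the corrected OUTPUT rule both halves pass and an SSH probe is still dropped. Note that this only covers the server side: letting the machine browse the web outbound through a stateless firewall needs the mirror pair (OUTPUT --dport 80 plus INPUT --sport 80), which is the kind of high-port guessing that iptables' ESTABLISHED state match removes.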
--
Psyche-list mailing list
Psyche-list@redhat.com
https://listman.redhat.com/mailman/listinfo/psyche-list