List: ipchains-list
Subject: Re: Setting the default policy
From: raf <raf () raf ! org>
Date: 2001-10-28 5:44:06
Carl King wrote:
> Hi,
>
> I am having a problem with setting policies. If I set the default
> input policy:
>
> ipchains -P input DENY
>
> Then add some rules of acceptance:
>
> ipchains -A input -p TCP -s $REMOTE_HOST -d $local_ip -i eth0 -j ACCEPT -y
> ipchains -A input -p UDP -s $REMOTE_HOST -d $local_ip -i eth0 -j ACCEPT
> ipchains -A input -p ICMP -s $REMOTE_HOST -d $local_ip -i eth0 -j ACCEPT
> (the variables here are only for illustration, I am using an ip address
> in the real script)
>
> I have found the default policy still denies the remote host connection
> attempts. I am trying to allow only a couple of hosts to see the server
> on the network by denying everything to all other PCs.
>
> I have tried adding "ipchains -A input -p ALL -s 0/0 -j DENY" at the end
> of the list with a default policy of ACCEPT and still cannot get into
> the server as well.
>
> I must be missing something in Rusty's HOWTO because the remote hosts
> cannot connect to the server after running this either way. I am using
> ipchains 1.3.9 on RHL6.1.

take the -y off the tcp rule. it's only allowing the connecting packet,
not subsequent packets. at least, that's what it looks like.

raf
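
The behaviour described in the reply, as an added example that is not part of the original thread or of ipchains itself: a small Python model of first-match evaluation on the input chain, showing which inbound packets of one TCP connection reach ACCEPT with and without `-y`. The addresses and the packet sequence are constructed, and the `-y` match (SYN set, ACK and FIN cleared) follows the ipchains man page.

```python
# Added model of the input chain from the thread; not ipchains source code.
from dataclasses import dataclass

REMOTE_HOST = "192.0.2.10"  # constructed address standing in for $REMOTE_HOST
LOCAL_IP = "192.0.2.1"      # constructed address standing in for $local_ip

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    flags: frozenset = frozenset()  # TCP flags set on the packet

@dataclass(frozen=True)
class Rule:
    proto: str
    src: str
    dst: str
    target: str
    syn_only: bool = False  # True models the -y option

    def matches(self, p):
        if (p.proto, p.src, p.dst) != (self.proto, self.src, self.dst):
            return False
        if self.syn_only:
            # -y: SYN set, ACK and FIN cleared, i.e. only the connection request
            return "SYN" in p.flags and not (p.flags & {"ACK", "FIN"})
        return True

def verdict(rules, policy, packet):
    """First matching rule decides; otherwise the chain policy applies."""
    return next((r.target for r in rules if r.matches(packet)), policy)

def input_chain(with_y):
    """The three ACCEPT rules from the post, with or without -y on the TCP rule."""
    return [Rule("tcp", REMOTE_HOST, LOCAL_IP, "ACCEPT", syn_only=with_y),
            Rule("udp", REMOTE_HOST, LOCAL_IP, "ACCEPT"),
            Rule("icmp", REMOTE_HOST, LOCAL_IP, "ACCEPT")]

# Inbound half of one TCP connection from the allowed host (constructed sample)
CLIENT_FLAGS = [{"SYN"}, {"ACK"}, {"PSH", "ACK"}, {"FIN", "ACK"}]

def trace(with_y, src=REMOTE_HOST):
    """Verdict for each inbound packet under a default input policy of DENY."""
    rules = input_chain(with_y)
    return [verdict(rules, "DENY", Packet("tcp", src, LOCAL_IP, frozenset(f)))
            for f in CLIENT_FLAGS]

if __name__ == "__main__":
    print("with -y:   ", trace(True))
    print("without -y:", trace(False))
```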