clearing up ipchains rules
hi,
i have just taken on yet another linux box ( bringing me to a grand total of 5 ). its setup is as follows: ( sorry about my ascii drawings :( )

{internet}
    |
    |
    |
LINUX box -------- local clients
( as router )
    |
    |___win9x clients ( samba )

basically the ipchains rule book is overflowing with junk and it's slowing it down, so i want to clear it up. i have flushed everything out and i am now rebuilding. i want to block samba access to the box from outside. will this line work:

Code:
ipchains -A input -s ! 192.168.0.0/16 -d 0/0 139 -p tcp -j DENY

thanks
antken

How many network cards are on this? You should have a minimum of two (you can do it with one but I do not recommend it)
Then simply block tcp 135-139 on the external (WAN) interface.

hi,
yes, there are two nics in the box. eth0 is the internal and the external nic is eth1. the internal ip is 192.168.0.0/16

thanks

ok so iptables -I FORWARD 1 -p tcp -d 0/0 135-139 -j DENY

would this work on an ipchains if i changed a few things around?
what does the '1' mean after the FORWARD?

It inserts the rule before the 1st entry in the FORWARD chain. I do that because if you have a masq line there you'll skip it.
I don't do it in INPUT or OUTPUT because this blocks packets going either way with one rule.

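The point about rule position in the answer above, as an added example that is not part of the thread: a simplified first-match model of a forward chain, showing that a DENY appended behind a masquerade rule is never reached while one inserted at position 1 is. The rule dictionaries, function names, the MASQ rule and the sample packets are all constructed for illustration; this is not ipchains' own code.

```python
import ipaddress

def matches(rule, pkt):
    """True when every condition present in the rule holds for the packet."""
    if "proto" in rule and rule["proto"] != pkt["proto"]:
        return False
    if "src" in rule:
        net = ipaddress.ip_network(rule["src"])
        if ipaddress.ip_address(pkt["src"]) not in net:
            return False
    if "dports" in rule:
        lo, hi = rule["dports"]
        if not lo <= pkt["dport"] <= hi:
            return False
    return True

def verdict(chain, pkt, policy="ACCEPT"):
    """The first matching rule decides; the chain policy applies if none match."""
    for rule in chain:
        if matches(rule, pkt):
            return rule["target"]
    return policy

# Constructed rules: a masquerade rule for the LAN (assumed to exist already)
# and the tcp 135-139 block discussed in the thread.
MASQ = {"src": "192.168.0.0/16", "target": "MASQ"}
DENY_NETBIOS = {"proto": "tcp", "dports": (135, 139), "target": "DENY"}

def build_forward_chain(insert_first):
    chain = [MASQ]
    if insert_first:
        chain.insert(0, DENY_NETBIOS)   # like "-I forward 1": ahead of MASQ
    else:
        chain.append(DENY_NETBIOS)      # like "-A forward": behind MASQ
    return chain

# Constructed packets: a LAN client talking to an outside host
# (203.0.113.5 is a documentation address).
SMB_OUT = {"proto": "tcp", "src": "192.168.0.10", "dst": "203.0.113.5", "dport": 139}
WEB_OUT = {"proto": "tcp", "src": "192.168.0.10", "dst": "203.0.113.5", "dport": 80}

if __name__ == "__main__":
    for label, first in (("appended", False), ("inserted at 1", True)):
        chain = build_forward_chain(first)
        print(label, "->", verdict(chain, SMB_OUT), verdict(chain, WEB_OUT))
```
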
For the ipchains syntax have a look here...
http://www.linux.org/docs/ldp/howto/IPCHAINS-HOWTO.html

Regards,
Peter