
antken 11-04-2002 12:39 PM

clearing up ipchains rules

I have just taken on yet another Linux box (bringing me to a grand total of 5).

Its setup is as follows (sorry about my ASCII drawings :( ):

LINUX box -------- local clients ( as router )
|___win9x clients ( samba )

Basically, the ipchains rule book is overflowing with junk and it's slowing it down, so I want to clear it up.

I have flushed everything out and I am now rebuilding.

I want to block Samba access to the box from outside. Will this line work:


ipchains -A input -s ! -d 0/0 139 -p tcp -j DENY
What do you think? Would that be OK?


akohlsmith 11-04-2002 01:15 PM

How many network cards are on this? You should have a minimum of two (you can do it with one but I do not recommend it).

Then simply block tcp 135-139 on the external (WAN) interface.

antken 11-04-2002 01:29 PM


Yes, there are two NICs in the box: eth0 is the internal and the external NIC is eth1.

the internal ip is


akohlsmith 11-04-2002 01:55 PM

OK, so: iptables -I FORWARD 1 -p tcp -d 0/0 --dport 135:139 -j DROP

antken 11-04-2002 02:14 PM

Would this work on ipchains if I changed a few things around?

What does the '1' mean after the FORWARD?

akohlsmith 11-04-2002 02:28 PM

It inserts the rule before the 1st entry in the FORWARD chain. I do that because if you have a masq line there you'll skip it.

I don't do it in INPUT or OUTPUT because this blocks packets going either way with one rule.

peter_robb 11-04-2002 03:26 PM

For the ipchains syntax have a look here...
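
Added example, not part of the thread and not posted by any participant: a small shell function that prints (without applying) the rule for dropping TCP 135-139 arriving on the external interface, in ipchains and in iptables syntax side by side. The function name wan_smb_rules is hypothetical; eth1 as the external NIC is taken from the posts above.

```shell
#!/bin/sh
# Added example: print (do not apply) rules that drop TCP 135-139 arriving
# on the external interface. eth1 as the WAN NIC is taken from the thread;
# the function name is hypothetical.

# wan_smb_rules TOOL IFACE
#   TOOL  = ipchains (2.2 kernels) or iptables (2.4 and later kernels)
#   IFACE = name of the external interface
wan_smb_rules() {
    tool=$1
    iface=$2
    # Refuse anything that is not a plain interface name, because the
    # output is meant to be piped to a root shell.
    case $iface in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface name" >&2; return 2 ;;
    esac
    case $tool in
        ipchains)
            # ipchains: lower-case chain names, the port range follows the
            # destination address, and the target is DENY. Packets that
            # will be routed still pass the input chain first, so one rule
            # covers the box itself and the hosts behind it.
            echo "ipchains -I input 1 -i $iface -p tcp -d 0/0 135:139 -j DENY"
            ;;
        iptables)
            # iptables: upper-case chains, --dport for the range, and the
            # target is DROP. INPUT protects the router itself, FORWARD
            # the hosts behind it.
            echo "iptables -I INPUT 1 -i $iface -p tcp --dport 135:139 -j DROP"
            echo "iptables -I FORWARD 1 -i $iface -p tcp --dport 135:139 -j DROP"
            ;;
        *)
            echo "unknown tool: $tool" >&2; return 2 ;;
    esac
}

# Review the printed rules first, then apply them as root, e.g.:
#   wan_smb_rules ipchains eth1 | sh
```

Inserting at position 1 keeps the drop ahead of any earlier ACCEPT or masquerade rule in the same chain.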

