firewall
I am running Squid as an internet sharing server. I want to allow all HTTP, HTTPS, FTP, Yahoo voice and MSN voice, and to DROP everything else, P2P etc.
Is there any help you can give?
The current default policy is
INPUT (DROP)
FORWARD (DROP)
OUTPUT (ACCEPT)
But when I check using
# netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:32769 *:* LISTEN
tcp 0 0 *:sunrpc *:* LISTEN
tcp 0 0 *:webcache *:* LISTEN
tcp 0 0 10.10.1.2:domain *:* LISTEN
tcp 0 0 IP-202-117-160-162.d:domain *:* LISTEN
tcp 0 0 server.nethome1.com:domain *:* LISTEN
tcp 0 0 server.nethome1.com:ipp *:* LISTEN
tcp 0 0 server.nethome1.com:5335 *:* LISTEN
tcp 0 0 server.nethome1.com:rndc *:* LISTEN
tcp 0 0 10.10.1.2:webcache 10.0.0.59:1231 TIME_WAIT
tcp 0 0 10.10.1.2:webcache 10.0.0.234:1632 ESTABLISHED
tcp 0 0 10.10.1.2:webcache 10.0.0.62:2252 ESTABLISHED
tcp 0 0 IP-202-117-160-162.da:41510 64.34.205.200:http ESTABLISHED
tcp 0 0 IP-202-117-160-162.da:41509 64.34.205.200:http ESTABLISHED
tcp 0 0 IP-202-117-160-162.da:41506 64.34.205.200:http ESTABLISHED
tcp 0 0 10.10.1.2:webcache 10.0.0.238:1667 ESTABLISHED
tcp 0 0 10.10.1.2:webcache 10.0.0.238:1664 TIME_WAIT
tcp 0 0 10.10.1.2:webcache 10.0.0.234:1642 TIME_WAIT
tcp 0 0 10.10.1.2:webcache 10.0.0.59:1252 ESTABLISHED
tcp 0 0 IP-202-117-160-162.da:41370 free.content.streamray:http TIME_WAIT
tcp 0 0 IP-202-117-160-162.da:41369 free.content.streamray:http TIME_WAIT
tcp 0 0 IP-202-117-160-162.da:41368 free.content.streamray:http TIME_WAIT
tcp 0 0 10.10.1.2:webcache 10.0.0.35:1823 ESTABLISHED
tcp 0 0 IP-202-117-160-162.da:41519 165.193.99.85:http ESTABLISHED
tcp 0 0 10.10.1.2:webcache 10.0.0.59:1249 ESTABLISHED
tcp 0 0 IP-202-117-160-162.da:41449 207.68.183.32:http ESTABLISHED