
firewalling (ipchains) question



Hi!

I'm playing around with firewalling a bit and would like to know if I got this little (not real world) task right:

I tried to set up the ipchains so that the only thing 'marvin' should be able to do is use smtp with host 'laus'.
Is the following correct for my wish?


ipchains -P input REJECT
ipchains -P output REJECT
ipchains -P forward REJECT

ipchains -F input 
ipchains -F output  
ipchains -F forward

ipchains -A output -j ACCEPT -i lo -s 0.0.0.0/0 -d 0.0.0.0/0
ipchains -A input -j ACCEPT -i lo -s 0.0.0.0/0 -d 0.0.0.0/0

ipchains -A output -j ACCEPT -p tcp -s marvin 1024:65535 -d laus 1024:65535 ! -y
ipchains -A output -j ACCEPT -p tcp -s marvin 1024:65535 -d laus smtp 

ipchains -A input -j ACCEPT -p tcp -s laus 1024:65535 -d marvin 1024:65535 ! -y
ipchains -A input -j ACCEPT -p tcp -s laus smtp -d marvin 1024:65535 ! -y


which results in:

marvin:/home/weasel # ipchains -L
Chain input (policy REJECT):
target     prot opt     source                destination           ports
ACCEPT     all  ------  anywhere              anywhere              n/a
ACCEPT     tcp  !y----  laus                  marvin                1024:65535 ->   1024:65535
ACCEPT     tcp  !y----  laus                  marvin                smtp ->   1024:65535

Chain forward (policy REJECT):
Chain output (policy REJECT):
ACCEPT     all  ------  anywhere              anywhere              n/a
ACCEPT     tcp  !y----  marvin                laus                  1024:65535 ->   1024:65535
ACCEPT     tcp  ------  marvin                laus                  1024:65535 ->   smtp


Is this correct, did I miss something?
Anything which might need improvement?
And why does this not work with ssh? (if I substitute smtp with ssh)

Thank you for your help.

-- 
Weasel                    http://www.cosy.sbg.ac.at/~ppalfrad/
PGP encrypted messages preferred.   See my site for my PGP key.
--------------------------------------------------------------
   The software said Windows95 or better, so I got Linux...
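
Added example (not part of the original message): a simplified Python model of how the rule set above is evaluated for TCP packets, useful for checking which packets the chains admit before loading them. The interface name eth0, the sample ports and the source port below 1024 in the last sample are constructed assumptions, not values from the post.

```python
from collections import namedtuple

# Simplified model of ipchains first-match evaluation for TCP packets only.
# not_syn=True models "! -y": the rule skips SYN-only (connection-opening) packets.
Rule = namedtuple("Rule", "iface src sports dst dports not_syn")
Pkt = namedtuple("Pkt", "iface src sport dst dport syn_only")

HIGH, ANY = (1024, 65535), (0, 65535)

def build_chains(port):
    """Rule set from the post; port is the service port (25 for smtp)."""
    svc = (port, port)
    return {
        "output": [
            Rule("lo", None, ANY, None, ANY, False),
            Rule(None, "marvin", HIGH, "laus", HIGH, True),
            Rule(None, "marvin", HIGH, "laus", svc, False),
        ],
        "input": [
            Rule("lo", None, ANY, None, ANY, False),
            Rule(None, "laus", HIGH, "marvin", HIGH, True),
            Rule(None, "laus", svc, "marvin", HIGH, True),
        ],
    }

def matches(r, p):
    return ((r.iface is None or r.iface == p.iface)
            and (r.src is None or r.src == p.src)
            and (r.dst is None or r.dst == p.dst)
            and r.sports[0] <= p.sport <= r.sports[1]
            and r.dports[0] <= p.dport <= r.dports[1]
            and not (r.not_syn and p.syn_only))

def verdict(chains, chain, p):
    """First matching rule accepts; otherwise the chain policy (REJECT) applies."""
    return "ACCEPT" if any(matches(r, p) for r in chains[chain]) else "REJECT"

if __name__ == "__main__":
    smtp, ssh = build_chains(25), build_chains(22)
    samples = [  # constructed packets, not captured traffic; eth0 is assumed
        ("SMTP SYN out", smtp, "output", Pkt("eth0", "marvin", 40000, "laus", 25, True)),
        ("SMTP reply in", smtp, "input", Pkt("eth0", "laus", 25, "marvin", 40000, False)),
        ("SYN in from laus", smtp, "input", Pkt("eth0", "laus", 40000, "marvin", 25, True)),
        ("non-SYN to high port", smtp, "output", Pkt("eth0", "marvin", 40000, "laus", 8080, False)),
        ("ssh from port 1022", ssh, "output", Pkt("eth0", "marvin", 1022, "laus", 22, True)),
    ]
    for name, chains, chain, p in samples:
        print(f"{name:22} {verdict(chains, chain, p)}")
```

The fourth sample shows that the 1024:65535 to 1024:65535 rules accept any non-SYN segment between high ports, which is wider than SMTP alone.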
