
Summary: extending ipmasq?



I queried:


> I'm using the default setup of potato's ipmasq package between
> my public eth0 and private eth1 interfaces.  How to change it
> to deny a public service to an unfriendly network?

Starting off with /etc/ipmasq/rules/I90external.def, copying it to
I90external.rul, and inserting:

   $IPCHAINS -A input -j DENY   -i $i -d $IPOFIF/32 \
      -p tcp -s 62.59.0.0/16 --destination-port 53

between:

ipchains)
   $IPCHAINS -A input -j ACCEPT -i $i -d $IPOFIF/32

seems to work -- dropping only the unwanted connections.  So I've added a
"-p udp" rule, too.

Tod
abl.com
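
The placement above matters because an ipchains chain is evaluated in order and the first matching rule decides the packet. The following is an added example, not part of the original post or of the ipmasq package: a small Python model of that first-match behaviour, comparing the DENY-before-ACCEPT order with the reverse. The address 192.0.2.1 standing in for $IPOFIF, the sample packets, the fallback policy, and the udp rule mirroring the tcp one are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    target: str                   # ACCEPT or DENY (-j)
    dst: str                      # destination network (-d)
    src: str = "0.0.0.0/0"        # source network (-s)
    proto: Optional[str] = None   # -p; None matches any protocol
    dport: Optional[int] = None   # --destination-port; None matches any port

    def matches(self, p):
        return (ipaddress.ip_address(p["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p["dst"]) in ipaddress.ip_network(self.dst)
                and self.proto in (None, p["proto"])
                and self.dport in (None, p["dport"]))

def verdict(chain, p, policy="DENY"):
    """Walk the chain in order; the first matching rule decides the packet."""
    for rule in chain:
        if rule.matches(p):
            return rule.target
    return policy  # assumed fallback, never reached with the chains below

IPOFIF = "192.0.2.1"  # constructed stand-in for $IPOFIF
ACCEPT_ALL = Rule("ACCEPT", dst=IPOFIF + "/32")
DENY_TCP = Rule("DENY", dst=IPOFIF + "/32", src="62.59.0.0/16", proto="tcp", dport=53)
DENY_UDP = Rule("DENY", dst=IPOFIF + "/32", src="62.59.0.0/16", proto="udp", dport=53)

DENY_FIRST = [DENY_TCP, DENY_UDP, ACCEPT_ALL]    # placement described in the post
ACCEPT_FIRST = [ACCEPT_ALL, DENY_TCP, DENY_UDP]  # DENY lines placed after the ACCEPT

def packet(src, proto, dport):
    """Build a constructed sample packet addressed to the external interface."""
    return {"src": src, "dst": IPOFIF, "proto": proto, "dport": dport}

if __name__ == "__main__":
    samples = [packet("62.59.10.20", "tcp", 53),   # blocked network, DNS over tcp
               packet("62.59.10.20", "udp", 53),   # blocked network, DNS over udp
               packet("62.59.10.20", "tcp", 25),   # blocked network, other service
               packet("198.51.100.7", "udp", 53)]  # unrelated network, DNS
    for p in samples:
        print(p["src"], p["proto"], p["dport"],
              "deny-first:", verdict(DENY_FIRST, p),
              "accept-first:", verdict(ACCEPT_FIRST, p))
```

With the DENY rules placed after the catch-all ACCEPT, every sample packet is accepted, which is why the new lines have to be emitted ahead of it.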



