Re: ipchains help
On Thu, 14 Dec 2000, Minta Adrian wrote:
/sbin/ipchains -A input -s !192.168.1.0/24 -d 0/0 110 -j DENY
that above should work, although isn't perfect. A default policy
of reject, or deny (for in, out, and forward) then selectively
opening holes would be better. Also, do not forget tcpwrappers.
For example, if you are using qpopper, you could add this to hosts.deny
> Hello everybody,
> I run a very small office network connected to the Internet by a
> Debian station. The Debian stores the mail and offer web access using
> squid as a proxy server (no masquerading).
> Inside my network I use private addresses 192.168.1.x .
> For the security reasons I want to block POP3 access from outside.
> I tried something like:
> #ipchains -A input -p tcp -s ! 192.168.1.0/255.255.255.0 --dport 110 -j DENY
> ... but without any luck.
> Could somebody please give me a hint ?
> Best regards,
> Minta Adrian - YO3GIH phone: +401.683.66.52
> mailto:email@example.com http://www.csit-sun.pub.ro/~gygy/
> To UNSUBSCRIBE, email to firstname.lastname@example.org
> with a subject of "unsubscribe". Trouble? Contact email@example.com
Check out our new message boards: