[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ipchains help

On Thu, 14 Dec 2000, Minta Adrian wrote:

/sbin/ipchains -A input -s ! -d 0/0 110 -j DENY
that above should work, although isn't perfect.  A default policy
of reject, or deny (for in, out, and forward) then selectively
opening holes would be better.  Also, do not forget tcpwrappers.
(/etc/hosts.deny, hosts.allow).  
For example, if you are using qpopper, you could add this to hosts.deny
in.qpopper: ALL
and hosts.allow

> Hello everybody,
>  I run a very small office network connected to the Internet by a
>  Debian station. The Debian stores the mail and offer web access using
>  squid as a proxy server (no masquerading).
>  Inside my network I use private addresses 192.168.1.x .
>  For the security reasons I want to block POP3 access from outside.
>  I tried something like:
>  #ipchains -A input -p tcp -s ! --dport 110 -j DENY
>  ... but without any luck.
>  Could somebody please give me a hint ?
> --
> Best regards,
>    Minta Adrian - YO3GIH                 phone: +401.683.66.52
>  mailto:adrianminta@yahoo.com    http://www.csit-sun.pub.ro/~gygy/
> --  
> To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org


Check out our new message boards:

J.R. Blain

Reply to: