Re: ipchains help
On Thu, 14 Dec 2000, Minta Adrian wrote:
/sbin/ipchains -A input -s !192.168.1.0/24 -d 0/0 110 -j DENY
that above should work, although isn't perfect. A default policy
of reject, or deny (for in, out, and forward) then selectively
opening holes would be better. Also, do not forget tcpwrappers.
(/etc/hosts.deny, hosts.allow).
For example, if you are using qpopper, you could add this to hosts.deny
in.qpopper: ALL
and hosts.allow
in.qpopper: 192.168.1.0/24
> Hello everybody,
>
> I run a very small office network connected to the Internet by a
> Debian station. The Debian stores the mail and offer web access using
> squid as a proxy server (no masquerading).
> Inside my network I use private addresses 192.168.1.x .
>
> For the security reasons I want to block POP3 access from outside.
> I tried something like:
>
> #ipchains -A input -p tcp -s ! 192.168.1.0/255.255.255.0 --dport 110 -j DENY
>
> ... but without any luck.
>
> Could somebody please give me a hint ?
>
> --
> Best regards,
> Minta Adrian - YO3GIH phone: +401.683.66.52
> mailto:adrianminta@yahoo.com http://www.csit-sun.pub.ro/~gygy/
>
>
>
> --
> To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
-------
Check out our new message boards:
http://board.2kservices.com
-------
J.R. Blain
cowboy@2kservices.com
http://www.2kservices.com
Reply to: