
IPChains help



Hi,

What's wrong with the following ruleset that I can't do any DNS lookups from the firewallhost?

$IPCHAINS -P input ACCEPT
$IPCHAINS -P forward ACCEPT
$IPCHAINS -P output ACCEPT

$IPCHAINS -F
$IPCHAINS -X

# input rules
$IPCHAINS -A input -s $localnet -d $localnet -j ACCEPT
$IPCHAINS -A input -s $Any -d $localnet -j DENY
$IPCHAINS -A input -p tcp -s $Any -d $firewallhost smtp -j ACCEPT
$IPCHAINS -A input -p tcp -s $Any -d $firewallhost ssmtp -j ACCEPT
$IPCHAINS -A input -p tcp -s $Any -d $firewallhost auth -j ACCEPT
$IPCHAINS -A input -p tcp -s $Any -d $firewallhost pop3s -j ACCEPT
$IPCHAINS -A input -p udp -s $Any -d $firewallhost pop3s -j ACCEPT
$IPCHAINS -A input -p tcp -s $Any -d $firewallhost imaps -j ACCEPT
$IPCHAINS -A input -p udp -s $Any -d $firewallhost imaps -j ACCEPT
$IPCHAINS -A input -p tcp -s $Any -d $firewallhost https -j ACCEPT
$IPCHAINS -A input -p udp -s $Any -d $firewallhost https -j ACCEPT
$IPCHAINS -A input -p udp -s $Any domain -d $Any 1024:65535 -j ACCEPT
$IPCHAINS -A input -p tcp -s $Any domain -d $Any 1024:65535 -j ACCEPT

# forward rules

# output rules
$IPCHAINS -A output -s $localnet -d $Any -j ACCEPT

Using Debian 2.2 and gfcc to configure ipchains.

Thanks,
Eugene van Zyl
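
An added illustration, not part of the original message: ipchains walks a chain in order and applies the first rule that matches, so this Python model replays the posted input chain against a DNS reply. The addresses are constructed, and it assumes $firewallhost lies inside $localnet, which the post does not state.

```python
import ipaddress

# Constructed values: the post does not show what the variables hold.
ANY = "0.0.0.0/0"
LOCALNET = "192.168.1.0/24"
FIREWALL = "192.168.1.1/32"   # assumption: inside LOCALNET
HIGH = (1024, 65535)

# Posted input chain, in order: (proto, src, sport, dst, dport, target).
INPUT = [
    (None, LOCALNET, None, LOCALNET, None, "ACCEPT"),
    (None, ANY, None, LOCALNET, None, "DENY"),
]
# smtp, ssmtp, auth, pop3s, imaps, https to the firewall host
for proto, port in [("tcp", 25), ("tcp", 465), ("tcp", 113), ("tcp", 995), ("udp", 995),
                    ("tcp", 993), ("udp", 993), ("tcp", 443), ("udp", 443)]:
    INPUT.append((proto, ANY, None, FIREWALL, (port, port), "ACCEPT"))
# replies from port 53 (domain) to unprivileged ports
INPUT += [(p, ANY, (53, 53), ANY, HIGH, "ACCEPT") for p in ("udp", "tcp")]

def _in_net(ip, net):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(net)

def _in_range(port, rng):
    return rng is None or rng[0] <= port <= rng[1]

def matches(rule, pkt):
    proto, src, sport, dst, dport, _ = rule
    p_proto, p_src, p_sport, p_dst, p_dport = pkt
    return ((proto is None or proto == p_proto)
            and _in_net(p_src, src) and _in_range(p_sport, sport)
            and _in_net(p_dst, dst) and _in_range(p_dport, dport))

def verdict(chain, pkt, policy="ACCEPT"):
    """First matching rule wins; return (rule number, target), or (0, policy)."""
    for number, rule in enumerate(chain, 1):
        if matches(rule, pkt):
            return number, rule[5]
    return 0, policy

# Constructed packets: a UDP DNS reply to the firewall host, and an unsolicited
# TCP connection attempt to another host on the local network.
DNS_REPLY = ("udp", "203.0.113.53", 53, "192.168.1.1", 40000)
UNSOLICITED = ("tcp", "203.0.113.9", 40000, "192.168.1.20", 23)

# Same rules with the catch-all DENY moved to the end of the chain.
REORDERED = [INPUT[0]] + INPUT[2:] + [INPUT[1]]

if __name__ == "__main__":
    for name, chain in (("posted", INPUT), ("reordered", REORDERED)):
        print(name, verdict(chain, DNS_REPLY), verdict(chain, UNSOLICITED))
```

Under that assumption every ACCEPT rule after the DENY is unreachable for traffic addressed to the local network. The two domain rules match on source port alone, so narrowing their -d from $Any to $firewallhost limits what they admit once they become reachable.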


