[ LUGOS ] Sorry

jernej horvat j at kid.kibla.org
Fri Oct 1 21:59:04 CEST 1999


Sorry about the previous message. The X and C keys are SO close together. ;->

PS: I do have a question about a firewall with ipchains, though:

so:

inbound we allow
25 - SMTP
22 - SSH
53 - Bind (eeeee?)
20/21 - FTP

The connection to the Internet goes over ppp0, and the local network (192.168.101.*)
is on eth0.

The script should then look something like this:
/etc/rc.d/rc.firewall

#!/bin/sh
echo "*************"
echo "* Running $0"
echo "*************"

# enable forwarding between eth0 and ppp0
/bin/echo "1" >/proc/sys/net/ipv4/ip_forward

# reverse-path filtering (drops packets whose source address does not belong on the interface)
/bin/echo "1" >/proc/sys/net/ipv4/conf/all/rp_filter
#/bin/echo "1" >/proc/sys/net/ipv4/ip_dynaddr
# SYN cookies against SYN floods
/bin/echo "1" >/proc/sys/net/ipv4/tcp_syncookies

# flush all chains
/sbin/ipchains -F
/sbin/ipchains -F input
/sbin/ipchains -F forward
/sbin/ipchains -F output

# default policy: deny
/sbin/ipchains -P input DENY
/sbin/ipchains -P forward DENY
/sbin/ipchains -P output ACCEPT

# ssh
/sbin/ipchains -A input -i ppp0 -p tcp --dport 22 -j ACCEPT
# smtp
/sbin/ipchains -A input -i ppp0 -p tcp --dport 25 -j ACCEPT

# ftp
/sbin/ipchains -A input -i ppp0 -p tcp --dport  20 -j ACCEPT
/sbin/ipchains -A input -i ppp0 -p tcp --dport  21 -j ACCEPT
# dns
/sbin/ipchains -A input -i ppp0 -p tcp --dport 53 -j ACCEPT
/sbin/ipchains -A input -i ppp0 -p udp --dport 53 -j ACCEPT
# http
/sbin/ipchains -A input -i ppp0 -p tcp --dport 80 -j ACCEPT
# ident
/sbin/ipchains -A input -i ppp0 -p tcp --dport 113 -j ACCEPT

# accept everything to the unprivileged ports 1022-65535
/sbin/ipchains -A input -i ppp0 -p tcp --dport 1022:65535 -j ACCEPT
/sbin/ipchains -A input -i ppp0 -p udp --dport 1022:65535 -j ACCEPT

# loopback and the local network
/sbin/ipchains -A input -i lo   -p all -s 127.0.0.1/32     -j ACCEPT
/sbin/ipchains -A input -i eth0 -p all -s 192.168.101.0/24 -j ACCEPT

# NAT (masquerading); -S sets the tcp, tcpfin and udp timeouts in seconds
/sbin/ipchains -M -S 7200 10 60
/sbin/ipchains -A forward -i ppp0 -p all -s 192.168.101.0/24 -j MASQ

# NAT modules
/sbin/modprobe ip_masq_ftp
/sbin/modprobe ip_masq_raudio
/sbin/modprobe ip_masq_irc
/sbin/modprobe ip_masq_vdolive
/sbin/modprobe ip_masq_quake
/sbin/modprobe ip_masq_cuseeme


# list the resulting rules
/sbin/ipchains -L -n


Is that right?


-- 
Windows N'T: as in Wouldn't, Couldn't and didn't. 

               > All the standard disclaimers apply. <
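Before answering "is that right?", one thing worth running over a script like this is a quick lint of the ACCEPT rules on the input chain. The following is an added example written for this page, not part of the original message or of ipchains itself. It takes the interface layout from the message (Internet on ppp0, LAN on eth0, plus lo) and embeds a constructed sample ruleset in the style of the posted script, deliberately including one mistyped interface name (ippp0 instead of ppp0) and the two blanket high-port rules. The WIDE_RANGE threshold is an assumption. It reports rules bound to an interface that does not exist in the layout (such a rule never matches, so that service is silently not reachable) and any single rule that opens a wide port range on the Internet side.

```python
import shlex

# Constructed sample ruleset in the style of the posted rc.firewall (not the
# script itself): it contains one mistyped interface name ("ippp0" instead of
# "ppp0") and the two blanket high-port rules on the Internet side.
SAMPLE_RULES = """\
/sbin/ipchains -A input -i ippp0 -p tcp --dport 22 -j ACCEPT
/sbin/ipchains -A input -i ppp0 -p tcp --dport 25 -j ACCEPT
/sbin/ipchains -A input -i ppp0 -p tcp --dport 20 -j ACCEPT
/sbin/ipchains -A input -i ppp0 -p tcp --dport 21 -j ACCEPT
/sbin/ipchains -A input -i ppp0 -p tcp --dport 53 -j ACCEPT
/sbin/ipchains -A input -i ppp0 -p udp --dport 53 -j ACCEPT
/sbin/ipchains -A input -i ppp0 -p tcp --dport 80 -j ACCEPT
/sbin/ipchains -A input -i ppp0 -p tcp --dport 113 -j ACCEPT
/sbin/ipchains -A input -i ppp0 -p tcp --dport 1022:65535 -j ACCEPT
/sbin/ipchains -A input -i ppp0 -p udp --dport 1022:65535 -j ACCEPT
/sbin/ipchains -A input -i lo   -p all -s 127.0.0.1/32     -j ACCEPT
/sbin/ipchains -A input -i eth0 -p all -s 192.168.101.0/24 -j ACCEPT
/sbin/ipchains -A forward -i ppp0 -p all -s 192.168.101.0/24 -j MASQ
"""

# Interfaces as described in the message: Internet on ppp0, LAN on eth0.
KNOWN_IFACES = {"ppp0", "eth0", "lo"}
EXTERNAL_IFACE = "ppp0"
WIDE_RANGE = 100  # assumed threshold: flag a single rule opening more ports than this


def parse_rule(line):
    """Parse one 'ipchains -A <chain> ...' line into a dict; None for other lines.

    Simplified parser: handles -i, -p, -j and --dport/--destination-port, and
    skips the address argument of -s/-d (the sample never puts a port after an
    address). Flags without an argument (e.g. -y, !) are stepped over.
    """
    toks = shlex.split(line, comments=True)
    if len(toks) < 3 or not toks[0].endswith("ipchains") or toks[1] != "-A":
        return None
    rule = {"chain": toks[2], "iface": None, "proto": "all",
            "dport": None, "target": None}
    i = 3
    while i < len(toks):
        opt = toks[i]
        arg = toks[i + 1] if i + 1 < len(toks) else None
        if opt == "-i":
            rule["iface"] = arg
        elif opt == "-p":
            rule["proto"] = arg
        elif opt in ("--dport", "--destination-port"):
            rule["dport"] = arg
        elif opt == "-j":
            rule["target"] = arg
        elif opt not in ("-s", "-d"):
            i += 1          # flag without an argument: consume only itself
            continue
        i += 2              # option plus its argument
    return rule


def port_count(spec):
    """Number of destination ports a --dport spec covers (all 65536 if absent)."""
    if spec is None:
        return 65536
    if ":" in spec:
        lo, hi = spec.split(":")
        return int(hi) - int(lo) + 1
    return 1


def audit(script_text):
    """Return (kind, detail, rule) findings for ACCEPT rules on the input chain."""
    findings = []
    for line in script_text.splitlines():
        r = parse_rule(line)
        if r is None or r["chain"] != "input" or r["target"] != "ACCEPT":
            continue
        if r["iface"] not in KNOWN_IFACES:
            findings.append(("unknown-interface", r["iface"], line.strip()))
        if r["iface"] == EXTERNAL_IFACE:
            n = port_count(r["dport"])
            if n > WIDE_RANGE:
                detail = "%s %s (%d ports)" % (r["proto"], r["dport"], n)
                findings.append(("wide-range", detail, line.strip()))
    return findings


if __name__ == "__main__":
    for kind, detail, rule in audit(SAMPLE_RULES):
        print("%-18s %-30s %s" % (kind, detail, rule))
```

On the sample this reports the ippp0 rule and the two 1022:65535 rules. The second finding is the one that matters for the default DENY policy: with those two lines, DENY effectively covers only ports below 1022 on the Internet side, and anything listening on a higher port (an X server, an RPC service, a masquerade port) is reachable. For TCP, ipchains can match on the SYN flag (-y, or ! -y for non-SYN packets), which lets replies to outgoing connections through without accepting new connections to high ports; UDP has no such flag, so its high-port rule is best kept as narrow as the services actually need.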



