[OLUG] [ot] ipchains and internet
ktb
xyf at inetnebr.com
Thu Mar 9 06:28:08 UTC 2000
I'm trying to set up ipchains so that I block everything out except Internet
http access and the ability to use my network internally. I've included the
following script which works except for accessing the Internet. I basically
copied this script out of "Linux Firewalls." The book says I need to be
able to access a DNS and have access to port 80 to access the internet. I
was wondering if anyone on this list knows chains well enough to suggest how
I would modify this script to access the Internet? I know most of what the
script is saying; I just don't know why it doesn't work.
Thanks,
kent
____________________________________________________________
#!/bin/sh
# ipchains firewall: allow loopback and LAN traffic freely; over the PPP link
# allow only DNS queries (UDP 53) and HTTP (TCP 80) started from this host.
LOOPBACK_INTERFACE="lo"
LAN_INTERFACE="eth0"
EXTERNAL_INTERFACE="ppp0"
ANYWHERE="any/0"            # matches any address
IPADDR="192.168.xx.x"       # My IP Address: must be the address assigned to
                            # $EXTERNAL_INTERFACE (ppp0), because every ppp0
                            # rule below matches on it; a LAN address never
                            # appears as the source of packets leaving ppp0
UNPRIVPORTS="1024:65535"    # client-side (unprivileged) port range
NAMESERVER="xxx.xxx.xxx.x"  # MY ISP's DNS

# Flush the three chains and default to dropping/rejecting everything
ipchains -F input
ipchains -F output
ipchains -F forward
ipchains -P input DENY
ipchains -P output REJECT
ipchains -P forward REJECT

# Loopback and the internal LAN are trusted in both directions
ipchains -A input -i $LOOPBACK_INTERFACE -j ACCEPT
ipchains -A output -i $LOOPBACK_INTERFACE -j ACCEPT
ipchains -A input -i $LAN_INTERFACE -j ACCEPT
ipchains -A output -i $LAN_INTERFACE -j ACCEPT

# Access DNS: UDP queries to the ISP's nameserver and its replies back
ipchains -A output -i $EXTERNAL_INTERFACE -p udp \
 -s $IPADDR $UNPRIVPORTS \
 -d $NAMESERVER 53 -j ACCEPT
ipchains -A input -i $EXTERNAL_INTERFACE -p udp \
 -s $NAMESERVER 53 \
 -d $IPADDR $UNPRIVPORTS -j ACCEPT

# Access Internet: HTTP connections opened from here to any web server
ipchains -A output -i $EXTERNAL_INTERFACE -p tcp \
 -s $IPADDR $UNPRIVPORTS \
 -d $ANYWHERE 80 -j ACCEPT
# "! -y" accepts only packets that are NOT connection requests (SYN without
# ACK), so replies get in but nobody outside can open a connection to us
# from source port 80
ipchains -A input -i $EXTERNAL_INTERFACE -p tcp ! -y \
 -s $ANYWHERE 80 \
 -d $IPADDR $UNPRIVPORTS -j ACCEPT
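As an added illustration (not code from Kent's post or from "Linux Firewalls"), the following Python model replays the ppp0 rules of the script with ipchains' first-match-then-policy semantics over a few constructed packets. The addresses are made-up documentation values standing in for the masked ones; it shows what `! -y` refuses and that the `-s $IPADDR` rules only match when IPADDR is the ppp0 address, not the LAN one.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

# One packet as the filter sees it; syn=True means TCP SYN without ACK (what "-y" tests).
Pkt = namedtuple("Pkt", "iface proto src sport dst dport syn", defaults=(False,))
UNPRIV = range(1024, 65535 + 1)            # "1024:65535"
# Constructed sample addresses (RFC 5737 documentation ranges), not from the post.
EXT_ADDR, LAN_ADDR, NS, WEB = "203.0.113.5", "192.168.1.2", "198.51.100.53", "192.0.2.80"

def rule(iface, proto, src, sport, dst, dport, not_syn=False, target="ACCEPT"):
    """Build a matcher for one ipchains rule; not_syn=True models '! -y'."""
    src, dst = ip_network(src), ip_network(dst)
    def match(p):
        if (p.iface == iface and p.proto == proto
                and ip_address(p.src) in src and p.sport in sport
                and ip_address(p.dst) in dst and p.dport in dport
                and not (not_syn and p.syn)):
            return target
        return None
    return match

def run_chain(rules, policy, p):
    """ipchains semantics: the first matching rule decides, otherwise the chain policy."""
    return next((t for t in (r(p) for r in rules) if t), policy)

def build(ipaddr, ns, ext="ppp0"):
    """The ppp0 rules from the post (loopback/LAN rules left out); ipaddr is $IPADDR."""
    any_ = "0.0.0.0/0"                      # ipchains "any/0"
    dns, http = range(53, 54), range(80, 81)
    output = [rule(ext, "udp", ipaddr, UNPRIV, ns, dns),
              rule(ext, "tcp", ipaddr, UNPRIV, any_, http)]
    inp = [rule(ext, "udp", ns, dns, ipaddr, UNPRIV),
           rule(ext, "tcp", any_, http, ipaddr, UNPRIV, not_syn=True)]
    return (lambda p: run_chain(output, "REJECT", p),   # -P output REJECT
            lambda p: run_chain(inp, "DENY", p))        # -P input DENY

def demo():
    out, inp = build(EXT_ADDR, NS)        # $IPADDR holds the ppp0 address
    out_lan, _ = build(LAN_ADDR, NS)      # $IPADDR holds the LAN address instead
    return {
        "dns_query_out": out(Pkt("ppp0", "udp", EXT_ADDR, 5353, NS, 53)),
        "dns_reply_in": inp(Pkt("ppp0", "udp", NS, 53, EXT_ADDR, 5353)),
        "http_syn_out": out(Pkt("ppp0", "tcp", EXT_ADDR, 40000, WEB, 80, syn=True)),
        "http_reply_in": inp(Pkt("ppp0", "tcp", WEB, 80, EXT_ADDR, 40000)),
        # an inbound SYN from source port 80 is a new connection, so "! -y" refuses it
        "syn_from_port_80": inp(Pkt("ppp0", "tcp", WEB, 80, EXT_ADDR, 40000, syn=True)),
        # packets leaving ppp0 carry the ppp0 address, so rules written for the LAN address never match
        "http_out_with_lan_ipaddr": out_lan(Pkt("ppp0", "tcp", EXT_ADDR, 40000, WEB, 80, syn=True)),
    }
```

Calling `demo()` returns the verdict for each packet; the last entry hits the output chain's REJECT policy, which is the symptom of a wrong IPADDR.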
-------------------------------------------------------------------------
Sent by OLUG Mailing list Manager, run by ezmlm. http://olug.bstc.net/