Michael Schwendt wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Fri, 07 Mar 2003 13:31:02 +0800, [EMAIL PROTECTED] wrote: > > > After the following setting of ipchains on 6.2 machine : > > > > /sbin/ipchains -F > > /sbin/ipchains -A input -i eth0 -p tcp --dport 20 -j ACCEPT > > > > After the following setting of iptables on 7.2 machine : > > > > iptables -F > > iptables -A INPUT -i eth0 -p tcp --dport 20 -j ACCEPT > > > > But I can connect to http://ip_address... > > So, I want to know why I can connect to http://ip_address with port 80 ? > > Not enough input. Post the _complete_ output of ipchains-save or > iptables-save, respectively.
For ipchains, /sbin/ipchains -F /sbin/ipchains -A input -i eth0 -p tcp --dport 20 -j ACCEPT /sbin/ipchains -A input -i eth0 -p tcp --dport 21 -j ACCEPT /sbin/ipchains -A input -i eth0 -p tcp --dport 22 -j ACCEPT /sbin/ipchains -A input -i eth0 -p tcp --dport 23 -j ACCEPT /sbin/ipchains -A input -i eth0 -p tcp --dport 25 -j ACCEPT /sbin/ipchains -A input -i eth0 -p tcp --dport 80 -j ACCEPT /sbin/ipchains -A input -i eth0 -p tcp --dport 53 -j ACCEPT /sbin/ipchains -A input -i eth0 -p udp --dport 53 -j ACCEPT /sbin/ipchains -A input -i eth0 -p tcp --dport 110 -j ACCEPT /sbin/ipchains -A input -i eth0 -p tcp --dport 143 -j ACCEPT /sbin/ipchains -A input -i eth0 -p tcp --dport 113 -j ACCEPT /sbin/ipchains -A input -i eth0 -p udp --dport 113 -j ACCEPT For iptables, iptables -F iptables -A INPUT -i eth0 -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP iptables -A INPUT -i eth0 -p tcp --tcp-flags ALL ALL -j DROP iptables -A INPUT -i eth0 -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP iptables -A INPUT -i eth0 -p tcp --tcp-flags ALL NONE -j DROP iptables -A INPUT -i eth0 -p tcp --tcp-flags SYN,RST SYN,RST -j DROP iptables -A INPUT -i eth0 -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP iptables -A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A INPUT -i eth0 -p tcp --dport 20 -j ACCEPT iptables -A INPUT -i eth0 -p tcp --dport 21 -j ACCEPT iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT iptables -A INPUT -i eth0 -p tcp --dport 23 -j ACCEPT iptables -A INPUT -i eth0 -p tcp --dport 25 -j ACCEPT iptables -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT iptables -A INPUT -i eth0 -p tcp --dport 53 -j ACCEPT iptables -A INPUT -i eth0 -p udp --dport 53 -j ACCEPT iptables -A INPUT -i eth0 -p tcp --dport 110 -j ACCEPT iptables -A INPUT -i eth0 -p tcp --dport 443 -j ACCEPT iptables -A INPUT -i eth0 -p tcp --dport 113 -j ACCEPT So, any problem of the setting about ipchains and iptables ? Very thank for your help ! -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
