Hi Rudik,

On Tue, 27 May 2003, Rudik Amirjanyan wrote:

> As far as ipchains is large concept, and I am tired learning it, so I
> decided to ask you for help.

Are you in fact using ipchains and not iptables? If you have iptables,
that's a better option to use.

Do you have a static IP or dynamic? More than 1 live routable IP?

I use the following on one box, it's far from perfect I'm sure, but it does
the job well :)

/etc/rc.d/rc.fw

#!/bin/sh
# flush existing rules, then drop forwarded and inbound traffic by default
/sbin/iptables -F
/sbin/iptables -P FORWARD DROP
/sbin/iptables -P INPUT DROP
# source ranges dropped outright
/sbin/iptables -A INPUT -s 218.1.1.1/8 -j DROP  # china
/sbin/iptables -A INPUT -s 216.185.96.0/19 -j DROP # theplanet.com
/sbin/iptables -A INPUT -s 210.124.0.0/14 -j DROP  # cn
/sbin/iptables -A INPUT -s 203.93.9.0/20 -j DROP # cn
/sbin/iptables -A INPUT -s 203.93.16.0/20 -j DROP # cn
/sbin/iptables -A INPUT -s 203.192.0.0/19 -j DROP # cn
/sbin/iptables -A INPUT -s 203.95.0.0/22 -j DROP # cn
/sbin/iptables -A INPUT -s 203.208.0.0/20 -j DROP # cn
/sbin/iptables -A INPUT -s 203.208.16.0/22 -j DROP # cn
/sbin/iptables -A INPUT -s 69.1.65.128/25 -j DROP # nativehosting
# loopback and local networks are trusted
/sbin/iptables -A INPUT -i lo -s 127.0.0.1 -j ACCEPT # local
/sbin/iptables -A INPUT -s 203.220.x.x/29 -j ACCEPT # local
/sbin/iptables -A INPUT -s 203.220.x.x/24 -j ACCEPT # local
# answer ident (113/tcp) with a TCP reset instead of silently dropping it
/sbin/iptables -A INPUT -s 0/0 -p tcp --destination-port 113 -j REJECT \
  --reject-with tcp-reset
# allow replies to connections this box already has open
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# open one inbound service port (25/tcp)
/sbin/iptables -A INPUT -s 0/0 -d 203.220.x.x -p tcp --destination-port \
  25 -j ACCEPT

(just repeat the above line for each port you want to allow, replacing the
port no.)

--
Res
-
Network Solutions: clueless f'wits who don't care whose business they damage
through their incompetence, which is the only thing they excel at.

--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list
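
An added example, not part of the original message: iptables masks off the host bits of a -s address, so an entry such as 218.1.1.1/8 in the script above matches all of 218.0.0.0/8, and this sketch lists every such entry with the network it really covers. The function names cidr_network, lint_sources and sample_rules are hypothetical; the sample rules are copied from the message.

```sh
#!/bin/sh
# Added example, not from the original message. Function names are hypothetical.

# cidr_network ADDR/PREFIX: print the network that the mask actually selects.
cidr_network() {
    case $1 in */*) ;; *) return 1 ;; esac       # only addr/prefix forms
    addr=${1%/*}; prefix=${1#*/}
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr                                 # dotted quad -> $1..$4
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1                     # skips shorthand such as 0/0
    for o in "$@"; do
        case $o in ''|*[!0-9]*) return 1 ;; esac # skips redacted x.x octets
        [ "$o" -le 255 ] || return 1
    done
    ip=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    mask=$(( (4294967295 << (32 - $prefix)) & 4294967295 ))
    net=$(( ip & mask ))
    echo "$(( net >> 24 )).$(( (net >> 16) & 255 )).$(( (net >> 8) & 255 )).$(( net & 255 ))/$prefix"
}

# lint_sources: read rule lines on stdin and print "given -> effective" for
# each -s argument whose host bits are non-zero.
lint_sources() {
    while read -r line; do
        set -- $line
        while [ $# -gt 1 ]; do
            if [ "$1" = "-s" ]; then
                net=$(cidr_network "$2") || net=
                if [ -n "$net" ] && [ "$net" != "$2" ]; then
                    echo "$2 -> $net"
                fi
            fi
            shift
        done
    done
    return 0
}

# Sample input: rule lines copied from the script in the message.
sample_rules() {
    cat <<'EOF'
/sbin/iptables -A INPUT -s 218.1.1.1/8 -j DROP  # china
/sbin/iptables -A INPUT -s 216.185.96.0/19 -j DROP # theplanet.com
/sbin/iptables -A INPUT -s 203.93.9.0/20 -j DROP # cn
/sbin/iptables -A INPUT -s 203.93.16.0/20 -j DROP # cn
/sbin/iptables -A INPUT -s 203.220.x.x/29 -j ACCEPT # local
/sbin/iptables -A INPUT -s 0/0 -p tcp --destination-port 113 -j REJECT
EOF
}

sample_rules | lint_sources
```

Entries it reports are worth rewriting to the printed network so the script states the range it actually blocks or trusts.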