Steve wrote:
> ipchains -A input -p tcp -j DENY -s 0.0.0.0/0 -i eth0 -d 0.0.0.0/0 1:1023
> ipchains -A input -p udp -j DENY -s 0.0.0.0/0 -i eth0 -d 0.0.0.0/0 1:1023
> ipchains -A input -p tcp -j ACCEPT -s 0.0.0.0/0 -i eth0 -d 0.0.0.0/0 80
> ipchains -A input -p udp -j ACCEPT -s 0.0.0.0/0 -i eth0 -d 0.0.0.0/0 80
>
> But I can't get in to the web server unless I comment out the 1st 2 chains.
> what am I doing wrong?

Try the accept pair before the deny pair.  

Firewall filters are sorted on a first match basis, so putting the
accept pair after the deny pair really doesn't do anything.  Any attempt
to access your web server matches the DENY pair, and never makes it to
the accept pair  : )

MSG
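
The first-match behaviour described in the reply, as an added example that is not part of the original message: a small Python model of the four quoted rules that reports the verdict for a packet and flags rules that an earlier rule makes unreachable. The `Rule` type, the function names and the ACCEPT default policy are assumptions of this sketch; it models only protocol and destination port and does not parse real ipchains syntax.

```python
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    proto: str   # "tcp" or "udp"
    lo: int      # first destination port in the range
    hi: int      # last destination port in the range
    target: str  # "ACCEPT" or "DENY"

# The four rules from the quoted message, grouped as the two pairs.
DENY_LOW = [Rule("tcp", 1, 1023, "DENY"), Rule("udp", 1, 1023, "DENY")]
ACCEPT_WEB = [Rule("tcp", 80, 80, "ACCEPT"), Rule("udp", 80, 80, "ACCEPT")]

ORIGINAL = DENY_LOW + ACCEPT_WEB   # order as posted
REORDERED = ACCEPT_WEB + DENY_LOW  # order suggested in the reply

def verdict(chain, proto, dport, policy="ACCEPT"):
    """Return (target, rule index) of the first matching rule.

    Falls back to (policy, None) when nothing matches; the ACCEPT
    default is an assumption of this model.
    """
    for i, r in enumerate(chain):
        if r.proto == proto and r.lo <= dport <= r.hi:
            return r.target, i
    return policy, None

def shadowed(chain):
    """Indexes of rules that can never match because one earlier rule
    for the same protocol already covers their whole port range."""
    dead = []
    for i, r in enumerate(chain):
        if any(e.proto == r.proto and e.lo <= r.lo and r.hi <= e.hi
               for e in chain[:i]):
            dead.append(i)
    return dead

if __name__ == "__main__":
    for name, chain in (("as posted", ORIGINAL), ("reordered", REORDERED)):
        print(name, "tcp/80 ->", verdict(chain, "tcp", 80),
              "| unreachable rules:", shadowed(chain))
```

Running the shadow check over a ruleset before loading it catches this class of ordering mistake without having to probe the server.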
