I am a little confused with your explanation. I could experience the same as
Wellington but the, when you start (as you should) with :
> > ipchains -P input REJECT
> > ipchains -P output REJECT
> > ipchains -P forward REJECT
Those rules match everything for the given chains (input, output and forward) don't
they ? In that case, why is ipchains still going down to find other matching rules ?
Thanks
Philippe
Bret Hughes <[EMAIL PROTECTED]> writes:
> Wellington Terumi Uemura wrote:
>
> > Question 1:
> > Here is my basic script:
> > #!/bin/sh
> > PATH=/sbin
> >
> > ipchains -P input ACCEPT
> > ipchains -P output ACCEPT
> > ipchains -P forward ACCEPT
> > ipchains -F
> > ipchains -P input REJECT
> > ipchains -P output REJECT
> > ipchains -P forward REJECT
> > ipchains -A input -p tcp -s 192.168.0.0/24 -d 192.168.1.3 22 -j ACCEPT
> > ipchains -A input -p tcp -s 192.168.0.0/24 -d 192.168.1.3 23 -j ACCEPT
> > ipchains -A output -p tcp -s 192.168.1.3 22 -d 192.168.0.0/24 -j ACCEPT
> > ipchains -A output -p tcp -s 192.168.1.3 23 -d 192.168.0.0/24 -j ACCEPT
> > ipchains -A input -s 0/0 -d 0/0 -j REJECT -l
> > ipchains -A output -s 0/0 -d 0/0 -j REJECT -l
> >
> > The last two lines that i want to know about,if i move then to the top of
> > the script even if i open the telnet and ssh like i did,the ipchains dont
> > accept connections for telnet and ssh,why???
> > I use this last two lines for debug proposes and i know if i comment this
> > lines out,everything bellow will work,but i dont understand the why!
> >
>
> I believe IP chains cruises down the "chain" of rules until one matches.
> then does what ever the target is. It can be another set of rules or
> one of the special actions like REJECT. By putting these lines first the
> packet matches the rule, and rejects the packet and stops. Order is
> important since each rule is examined in the order they appear and if
> matched no other action will be taken.
>
> >From the ipchains man page
>
> TARGETS
> A firewall rule specifies criteria for a packet, and a
> target. If the packet does not match, the next rule in
> the chain is the examined; if it does match, then the next
> rule is specified by the value of the target, which can be
> the name of a user-defined chain, or one of the special
> values ACCEPT, DENY, REJECT, MASQ, REDIRECT, or RETURN.
>
> In this case the 0/0 notation must mean all hosts. I am used to seeing
> it as 0.0.0.0/0 but this is more concise. It threw me a little because
> I have not messed with this stuff for a while and had to figure out the
> host src and dest notation.
>
>
> Hope this helps.
>
> Bret
>
> > Question 2
> > Every body know about hackers doing party on internet servers they dont
> > own,so,i have an idea and doesn't know if this it's possible.
> > If we put a prog to check our systems ( servers ) like portsentry,iplogger
> > or whatever and create a script or program to filter this logs,grab the
> > attackers IP, and auto-generate ipchains rules against the intruder???
> > I mean,to take over a server you need to scan it first,or do an search on
> > open ports and then attack(DOS attacks and many others).For example,port
> > scanners searchs are fast ( last than 1 sec for x ports ) but they come from
> > the same source,taking base on this "magic program or script" will lock up
> > IPs that change from one port to another in x secs and then generate an
> > ipchains whatever -j REJECT.
> > This is just a idea,and example,this kind a prog cam be made or allready
> > exist?
> >
> > Thanks
> > ______________________________________________________
> > Get Your Private, Free Email at http://www.hotmail.com
> >
> > --
> > To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
> > as the Subject.
>
>
> --
> To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
> as the Subject.
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
