On Mon, 26 Mar 2001, Statux wrote:

> For those of you who use ipchains:
>
> I am reading one of the newer IPCHAINS-HOWTOs and it says how you can
> specify ports with the $LOCALIP symbol. However, when I do the following:
>
> # ipchains -A input -p tcp -d $LOCALIP 21 -l -j DENY
>
> I get this:
>
> DENY       tcp  ----l-  anywhere             0.0.0.21              any ->
> any
>
> Note how the port number actually gets added to 0.0.0.0 (0 in 32bit decimal
> form.. 0+21 = 0.0.0.21) which is not what I mean. Also, the ports section
> at the end sorta seems to half-realize that I tried specifying a port (or
> port range) but something seems screwed.
>
> Now, when I do this:
>
> # ipchains -A input -p tcp -d 127.0.0.1 21 -l -j DENY
>
> with the address explicitly specified, I get this:
>
> DENY       tcp  ----l-  anywhere             localhost             any ->
> ftp
>
> Which is correct.
>
> Am I missing something? That first example of mine doesn't seem to yield
> correct (documented.. HOWTO, etc) output. Even if they altered the
> options etc of the program, it makes no sense that it only works when
> you specify an explicit address (not the symbol) and it also makes no
> sense that it only half figures there to be a port specification and
> yet makes nothing legible out of it.. or whatever I'm trying to say. It's
> like 4:30am. I'm not all with it :P
>
> Ideas? Thanks
>
> -Statux
>
I am not sure what HOWTO you were reading, but did they define $LOCALIP
in their firewall script?  It is very common to define things like the
local IP, local and Internet NICs, and nameserver addresses as labels at
the start of the script, and use them in the script instead of the
actual values.

From the looks of your example, $LOCALIP was not defined when you used
it, so it is replaced with nothing, and 21 becomes the IP address,
instead of the port.  In other words, the command becomes:

ipchains -A input -p tcp -d  21 -l -j DENY

Mikkel
-- 

    Do not meddle in the affairs of dragons,
 for you are crunchy and taste good with ketchup.
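
The failure described in the reply above, as an added example that is not part of the original message: it prints the argument list the shell would hand to ipchains when $LOCALIP is unset, next to a guarded form that refuses to build the rule. The function names show_args, rule_unchecked and rule_checked are hypothetical, and ipchains itself is never executed.

```shell
#!/bin/sh
# Added example (constructed): function names are hypothetical, and nothing
# here runs ipchains; the rule is only printed as an argument list.

# Print every argument in brackets so a vanished word is easy to spot.
show_args() {
    out=""
    for a in "$@"; do
        out="$out[$a]"
    done
    printf '%s\n' "$out"
}

# The command as typed in the thread. If LOCALIP is unset, the unquoted
# expansion yields no word at all, so "21" lands in the address slot of -d.
rule_unchecked() {
    show_args ipchains -A input -p tcp -d $LOCALIP 21 -l -j DENY
}

# Guarded form: ${VAR:?msg} makes the shell stop with an error when the
# variable is unset or empty. The subshell keeps that exit local to the call.
rule_checked() {
    (
        show_args ipchains -A input -p tcp \
            -d "${LOCALIP:?LOCALIP is not set}" 21 -l -j DENY
    )
}

unset LOCALIP
rule_unchecked                        # -d is followed directly by 21
rule_checked || echo "rule refused"   # guard fires, nothing is built

LOCALIP=127.0.0.1                     # defined at the top of a firewall script
rule_checked                          # address and port are separate words again
```

Putting `set -u` at the top of a firewall script makes every reference to an unset variable an error in the same way.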


