LinuxSA Mailing list archives

  From: Adam Hawes <adam_hawes@dingoblue.net.au>
  To  : Mick Collins <mickwell@bigpond.com>
        Linux SA <linuxsa@linuxsa.org.au>
  Date: Wed, 29 Nov 2000 23:05:15 +1030

Re: IPCHAINS AND FIREWALL

<script>
#!/bin/sh

# Flush chain
/sbin/ipchains -F

# Deny all
/sbin/ipchains -P input deny
/sbin/ipchains -P output deny
/sbin/ipchains -P forward deny

#
# Network is pretty secure by here, can quit if we want real secure
# <GRIN>
#

# Forward only port 8080
/sbin/ipchains -A input -i eth0 -p tcp -s 192.168.1.0/24 --dport 8080 -j
accept
/sbin/ipchains -A forward -p tcp -s 192.168.1.0/24 --dport 8080 -j
reject

# Alternately, try IPPORTFW for transparent proxy
#
# Using this method you don't need to set a proxy.  All access to the
# outside on 8080 will be transparently forwarded to port 8080 on the
# gateway (squid I take it) and proxied.
#
#/usr/sbin/ipmasqadm portfw -a -P tcp -L 192.168.1.0/24 8080 -R gateway
8080

# Add the rest of your IPMASQ rules here

</script>

The above script is pretty crappy but will do EXACTLY what you
requested.  Of course, there may be some side-effects like all other
traffic sort of... oh, i dunno... stopping... but you didn't specify you
wanted _other_ traffic!

Don't trust my script either; I have just really started getting into
ipchains and don't fully unterstand it yet!

That should fsck you for a while!

Cheers,
Adam

-- 
Adam Hawes

Web:       http://overfiend.iwarp.com
Email:     adam_hawes@dingoblue.com.au
ICQ:       2492016

Voicemail: +61 (08) 8219-3238
Fax:       +61 (08) 8219-3238

-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GAT dpu s+: a-- C++++ UL++ P+ L+++ E W- N+++ o+ K- w--- 
O- M V-- PS+ PE Y++ PGP++ t 5- X+++ R* tv b+ DI+ D---- 
G e* h! r--- y** 
------END GEEK CODE BLOCK------

-- 
LinuxSA WWW: http://www.linuxsa.org.au/  IRC: #linuxsa on irc.linux.org.au
To unsubscribe from the LinuxSA list:
  mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject