firewall rules

Charlie Bullen plug-discuss@lists.plug.phoenix.az.us
Wed, 10 Apr 2002 12:58:25 -0700


Hi, I've created a set of firewall rules (my first attempt, ipchains). I
want to be able to serve webpages, access the server remotely via ssh
and allow 2 computers FTP access. I don't want anyone or anything else to
go in or out of the server. This is running on RedHat 7.2

Here are the rules

:input ACCEPT
:forward ACCEPT
:output ACCEPT
-A input -s 0/0 -d 0/0 80 -p tcp -y -j ACCEPT
-A input -s 63.226.xxx.xxx -d 0/0 20 -p tcp -y -j ACCEPT
-A input -s 63.226.xxx.xxx -d 0/0 21 -p tcp -y -j ACCEPT
-A input -s 63.226.yyy.yyy -d 0/0 20 -p tcp -y -j ACCEPT
-A input -s 63.226.yyy.yyy -d 0/0 21 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 22 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 -i lo -j ACCEPT
-A input -s 63.226.zzz.zzz 53 -d 0/0 -p udp -j ACCEPT
-A input -s 0/0 -d 0/0 -p tcp -y -j REJECT
-A input -s 0/0 -d 0/0 -p udp -j REJECT

63.336.zzz.zzz is the IP of our router and 63.226.xxx.xxx and yyy are
computers on the network that I want to have ftp access

Will the above do what I want it to do? Is what I want to do secure?

Regards,

Charlie
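
Added example, not Charlie's rules as posted and not ipchains itself: a small Python evaluator that parses rules in the exact shape posted above and applies ipchains' first-match semantics with the chain policy as fallback, so the chain can be checked offline against sample packets before it goes near a real box. It models only the options the post uses (-s/-d with an optional port, -p, -y, -i, -j and ":chain POLICY" lines). The masked addresses are replaced by constructed TEST-NET stand-ins: 192.0.2.10 and 192.0.2.11 for the two FTP machines, 192.0.2.1 for the router, 198.51.100.5 for the server and 203.0.113.9 for an arbitrary remote host.

```python
# Added example: an offline evaluator for ipchains-style rules as posted above.
# Not ipchains and not the poster's code; it models only -s/-d (with optional
# port), -p, -y, -i, -j and ':chain POLICY', using first-match semantics.
import ipaddress
import shlex

# The posted chain with the masked hosts replaced by constructed TEST-NET stand-ins.
RULES_TEXT = """\
:input ACCEPT
:forward ACCEPT
:output ACCEPT
-A input -s 0/0 -d 0/0 80 -p tcp -y -j ACCEPT
-A input -s 192.0.2.10 -d 0/0 20 -p tcp -y -j ACCEPT
-A input -s 192.0.2.10 -d 0/0 21 -p tcp -y -j ACCEPT
-A input -s 192.0.2.11 -d 0/0 20 -p tcp -y -j ACCEPT
-A input -s 192.0.2.11 -d 0/0 21 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 22 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 -i lo -j ACCEPT
-A input -s 192.0.2.1 53 -d 0/0 -p udp -j ACCEPT
-A input -s 0/0 -d 0/0 -p tcp -y -j REJECT
-A input -s 0/0 -d 0/0 -p udp -j REJECT
"""

def _network(spec):
    """ipchains address ('0/0', '192.0.2.10') -> ip_network, padding short forms."""
    addr, _, plen = spec.partition("/")
    addr = ".".join((addr.split(".") + ["0"] * 4)[:4])   # '0' -> '0.0.0.0'
    return ipaddress.ip_network(f"{addr}/{plen or 32}")

def parse_rules(text):
    """Return ({chain: policy}, {chain: [rule dicts]}) from ipchains-style text."""
    policies, chains = {}, {}
    for line in text.splitlines():
        tok = shlex.split(line)
        if not tok:
            continue
        if tok[0].startswith(":"):              # ':input ACCEPT' sets the chain policy
            policies[tok[0][1:]] = tok[1]
            chains.setdefault(tok[0][1:], [])
            continue
        rule, i = {"syn": False}, 0
        while i < len(tok):
            opt = tok[i]
            if opt == "-y":                     # match only connection-opening SYNs
                rule["syn"] = True
                i += 1
            elif opt in ("-s", "-d"):
                key = "src" if opt == "-s" else "dst"
                rule[key] = _network(tok[i + 1])
                i += 2
                if i < len(tok) and tok[i].isdigit():   # optional port after the address
                    rule[key + "_port"] = int(tok[i])
                    i += 1
            elif opt in ("-A", "-p", "-i", "-j"):
                name = {"-A": "chain", "-p": "proto", "-i": "iface", "-j": "target"}[opt]
                rule[name] = tok[i + 1]
                i += 2
            else:
                raise ValueError("option not modelled in this example: " + opt)
        chains.setdefault(rule.pop("chain"), []).append(rule)
    return policies, chains

def matches(rule, pkt):
    """Every option present in the rule must hold for the packet."""
    src, dst = ipaddress.ip_address(pkt["src"]), ipaddress.ip_address(pkt["dst"])
    return (src in rule["src"] and dst in rule["dst"]
            and rule.get("proto", pkt["proto"]) == pkt["proto"]
            and rule.get("iface", pkt["iface"]) == pkt["iface"]
            and rule.get("src_port", pkt.get("sport")) == pkt.get("sport")
            and rule.get("dst_port", pkt.get("dport")) == pkt.get("dport")
            # -y matches only TCP segments that open a connection (SYN set)
            and (not rule["syn"] or (pkt["proto"] == "tcp" and pkt.get("syn", False))))

def verdict(chain, pkt, policies, chains):
    """First matching rule decides; with no match the chain policy applies."""
    for rule in chains[chain]:
        if matches(rule, pkt):
            return rule["target"]
    return policies[chain]

def audit(rules_text=RULES_TEXT):
    """Verdicts for constructed sample packets (all hosts are TEST-NET addresses)."""
    policies, chains = parse_rules(rules_text)
    srv, remote, client, router = "198.51.100.5", "203.0.113.9", "192.0.2.10", "192.0.2.1"
    def tcp(src, dport, syn=True):
        return dict(src=src, dst=srv, proto="tcp", sport=50000, dport=dport, syn=syn, iface="eth0")
    cases = {
        "http_syn_from_internet": ("input", tcp(remote, 80)),
        "ssh_syn_from_internet": ("input", tcp(remote, 22)),
        "smtp_syn_from_internet": ("input", tcp(remote, 25)),
        "tcp_non_syn_segment_from_internet": ("input", tcp(remote, 25, syn=False)),
        "icmp_echo_from_internet": ("input", dict(src=remote, dst=srv, proto="icmp", iface="eth0")),
        "dns_reply_from_router": ("input", dict(src=router, dst=srv, proto="udp", sport=53, dport=33000, iface="eth0")),
        "ftp_control_from_client": ("input", tcp(client, 21)),
        "ftp_passive_data_from_client": ("input", tcp(client, 40000)),
        "outbound_tcp_from_server": ("output", dict(src=srv, dst=remote, proto="tcp", sport=40001, dport=6667, syn=True, iface="eth0")),
    }
    return {name: verdict(chain, pkt, policies, chains) for name, (chain, pkt) in cases.items()}
```

Run as a script or call audit() and read the verdicts. The intended traffic (HTTP, SSH and the FTP control connection from a listed client) is accepted and a SYN to any other port is rejected, but three of the verdicts show where the posted chain differs from the stated goal: ICMP and TCP segments without the SYN flag match no rule (the REJECT rules carry -p tcp -y or -p udp) and fall through to the input chain's ACCEPT policy; a passive-mode FTP data connection arrives on an ephemeral server port rather than 20 or 21 and is rejected, so the two clients will only work in active mode; and the output chain has no rules at all, so "nothing else goes out" is not enforced. Flipping the policies to REJECT or DENY and accepting only what is listed makes those gaps explicit rather than silent.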
