> Hi,
> I need to be able to enable/disable certain IP addresses when
> requested. I know you can do that by using IPChains, but what
> is the best way for a program to alter the IPChain rules? Is there
> a more direct low-level way of doing that? Rather than running
> a shell command with ipchains.
> Cheers
> Liam
SYSTEM(3)              Linux Programmer's Manual              SYSTEM(3)

NAME
       system - execute a shell command

SYNOPSIS
       #include <stdlib.h>

       int system (const char * string);

DESCRIPTION
       system() executes a command specified in string by calling
       /bin/sh -c string, and returns after the command has been
       completed. During execution of the command, SIGCHLD will
       be blocked, and SIGINT and SIGQUIT will be ignored.

RETURN VALUE
       The value returned is 127 if the execve() call for /bin/sh
       fails, -1 if there was another error and the return code
       of the command otherwise.

       If the value of string is NULL, system() returns nonzero
       if the shell is available, and zero if not.

       system() does not affect the wait status of any other
       children.

CONFORMING TO
       ANSI C, POSIX.2, BSD 4.3
--
+--------------------------------------------------------------------------
| My employer is a company. Companies are artifacts of a legal system. |
|________________Artifacts are incapable of having opinions.________________|
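
An added example, not part of any post in this thread: because system() hands its string to /bin/sh -c, an address taken from a request should be validated and passed to ipchains as a separate argument with no shell in between. The function names, the /sbin/ipchains path and the choice of a DENY rule on the input chain are assumptions made for this sketch.

```c
#include <arpa/inet.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define IPCHAINS_PATH "/sbin/ipchains"   /* assumed install path */

/* Fill argv for "ipchains -A|-D input -s <ip> -j DENY" (hypothetical helper).
 * Returns 0 on success, -1 if ip is not a plain dotted-quad IPv4 address. */
int build_ipchains_argv(const char *ip, int block, const char *argv[8])
{
    struct in_addr addr;

    /* inet_pton() accepts only a.b.c.d, so shell metacharacters, spaces and
     * option-like strings such as "-F" are rejected before anything runs. */
    if (ip == NULL || inet_pton(AF_INET, ip, &addr) != 1)
        return -1;

    argv[0] = "ipchains";
    argv[1] = block ? "-A" : "-D";   /* append, or delete the same rule */
    argv[2] = "input";
    argv[3] = "-s";
    argv[4] = ip;
    argv[5] = "-j";
    argv[6] = "DENY";
    argv[7] = NULL;
    return 0;
}

/* Run ipchains through execv(): the arguments are never parsed by a shell.
 * Returns the ipchains exit status, or -1 on validation or fork failure. */
int set_ip_blocked(const char *ip, int block)
{
    const char *argv[8];
    int status;
    pid_t pid;

    if (build_ipchains_argv(ip, block, argv) != 0)
        return -1;
    if ((pid = fork()) < 0)
        return -1;
    if (pid == 0) {
        execv(IPCHAINS_PATH, (char *const *)argv);
        _exit(127);                  /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}
```

The calling process needs root privileges for ipchains to change the rules; a return value of 127 means the binary could not be executed.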
1. ipchains -P input DENY (with no further rule) Disconnects ADSL Connection
I have an ADSL connection with a permanent IP. I have set up my RH 7.0 Linux
as my LAN's Gateway/Firewall.
eth0 is my external, and its address is 10.200.1.1/8, as per the ISP's
instruction
eth1 is 192.168.1.1/24
I wanted to write my own firewall. So I started off with the command:
"ipchains -P input DENY", as a default for the time being.
However, after running this command I can then do nothing, not even PING,
and then my ADSL disconnects itself.
What am I doing wrong? All I wanted was a "paranoid" firewall as my first
experiment!
--
Meron Lavie
www.redmatch.com - World's Largest Hi-Tech Salary Site
NOTE: THERE ARE NO DIGITS IN MY REAL EMAIL ADDRESS (ANTI-SPAM)