IP Chains specific rule


Post by dmalcol » Thu, 12 Aug 1999 04:00:00



I am running Slackware Linux 4.0 and have a masquerading firewall
running and working.  I used cwrulug.Ian Hall-Beyer's script to get
everything running and it seems to be just fine.  I need a specific rule
to block http access for one specific internal IP address. I want to
leave other web services intact for that and all other internal IPs.

Thanks.

Dan Malcolm


IP Chains specific rule

Post by Robert_Glove » Fri, 13 Aug 1999 04:00:00


try this

ipchains -I forward 1 -p tcp -s that-pesky-host -d 0/0 80 -j REJECT

> I am running Slackware Linux 4.0 and have a masquerading firewall
> running and working.  I used cwrulug.Ian Hall-Beyer's script to get
> everything running and it seems to be just fine.  I need a specific
> rule
> to block http access for one specific internal IP address. I want to
> leave other web services intact for that and all other internal IP's..

> Thanks.

> Dan Malcolm


 
 
 

IP Chains specific rule

Post by dmalcol » Fri, 13 Aug 1999 04:00:00


Thanks Robert:

After I posted the message I kept working at it and came up with
$IPCHAINS -A forward -p tcp -s that-pesky-host -d 0/0 www -j DENY

where $IPCHAINS is defined as /sbin/ipchains.  Essentially I came up with
what you suggested and it works very well.  Thanks for the help.

Dan


> try this

> ipchains -I forward 1 -p tcp -s that-pesky-host -d 0/0 80 -j REJECT


> I am running Slackware Linux 4.0 and have a masquerading firewall
> running and working.  I used cwrulug.Ian Hall-Beyer's script to get
> everything running and it seems to be just fine.  I need a specific
> rule
> to block http access for one specific internal IP address. I want to
> leave other web services intact for that and all other internal IP's..

> Thanks.

> Dan Malcolm



IP Chains specific rule

Post by Robert C. Paulsen, Jr » Fri, 13 Aug 1999 04:00:00



> Thanks Robert:

> After I posted the message I kept working at it and came up with
> $IPCHAINS -A forward -p tcp -s that-pesky-host -d 0/0 www -j DENY

> where $IPCHAINS is defined as /sbin/ipchains.  Essentially I came up with
> what you suggested and it works very well.  Thanks for the help.

> Dan


> > try this

> > ipchains -I forward 1 -p tcp -s that-pesky-host -d 0/0 80 -j REJECT


> > I am running Slackware Linux 4.0 and have a masquerading firewall
> > running and working.  I used cwrulug.Ian Hall-Beyer's script to get
> > everything running and it seems to be just fine.  I need a specific
> > rule
> > to block http access for one specific internal IP address. I want to
> > leave other web services intact for that and all other internal IP's..

> > Thanks.

> > Dan Malcolm


I have a similar ipchains rule (also a pesky local host, a WIN2000 beta)
but I put it in the input chain instead of the forward chain. Why let it
in at all if you know up front that it will be denied/rejected? Also,
in my case I found that it was name server requests causing a problem so
I ended up with:

ipchains -I input -p udp -s the-pesky-host -d 0/0 53 -j REJECT

--
____________________________________________________________________
Robert Paulsen                         http://paulsen.home.texas.net
If my return address contains "ZAP." please remove it. Sorry for the
inconvenience but the unsolicited email is getting out of control.
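
The commands in this thread differ in where the rule lands: `-I forward 1` puts it first, `-A forward` puts it last, and ipchains stops at the first rule that matches. The following is an added example, not code from any poster: a small Python model of that first-match walk, where the 192.168.1.x addresses, the broad MASQ rule and the DENY policy are constructed assumptions about a typical masquerading script.

```python
# Added illustration: a toy model of ipchains first-match evaluation.
# Addresses and the MASQ rule are constructed; they are not from the thread.
from ipaddress import ip_address, ip_network

PORT_NAMES = {"www": 80, "domain": 53}  # two /etc/services names

def _matches(rule, proto, src, dport):
    """True if the packet satisfies every field the rule specifies."""
    if rule.get("proto", proto) != proto:
        return False
    if ip_address(src) not in ip_network(rule.get("src", "0.0.0.0/0")):
        return False
    port = rule.get("dport")
    port = PORT_NAMES.get(port, port)   # "www" -> 80, numbers pass through
    return port is None or port == dport

class Chain:
    def __init__(self, policy):
        self.policy, self.rules = policy, []

    def append(self, **rule):             # models: ipchains -A <chain> ...
        self.rules.append(rule)

    def insert(self, pos, **rule):        # models: ipchains -I <chain> <pos> ...
        self.rules.insert(pos - 1, rule)  # rule numbers start at 1

    def verdict(self, proto, src, dport):
        """Return the target of the first matching rule, else the policy."""
        for rule in self.rules:
            if _matches(rule, proto, src, dport):
                return rule["target"]
        return self.policy

def build_forward(how):
    """Forward chain with a broad MASQ rule, plus the block added via how."""
    chain = Chain(policy="DENY")
    chain.append(src="192.168.1.0/24", target="MASQ")
    block = dict(proto="tcp", src="192.168.1.23", dport="www", target="DENY")
    if how == "-A":
        chain.append(**block)      # lands after the MASQ rule
    else:
        chain.insert(1, **block)   # lands before the MASQ rule
    return chain

if __name__ == "__main__":
    for how in ("-A", "-I"):
        print(how, build_forward(how).verdict("tcp", "192.168.1.23", 80))
```

An appended block therefore only takes effect when no earlier rule in the chain already matches the same packet, which depends on where the line sits in the firewall script.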

 
 
 
