The Bridge 2000-June Archive by Date


Starting: Wed May 31 22:14:00 2000
Ending: Thu Jun 29 16:24:39 2000
Messages: 62

Last message date: Thu Jun 29 16:24:39 2000
Archived on: Sun Jul 9 00:55:31 2000

This archive was generated by Pipermail 0.05 (Mailman edition).

[Bridge] ipchains problem

Mikko Lammi lammaz@lammaz.net
Thu, 17 Aug 2000 18:23:16 +0300

At 17:43 17.8.2000 , you wrote:
>I would like to use the bridge to firewall using ipchains.
>
>I have managed to set up a perfectly working bridge now, but when I try and
>set up the ipchains, I get very spurious results.
>
>my simple example is below
>
>212.219.8.188 ------- Firewall ------- Anything else
>
>my ipchains script is as follows....
>
>ipchains -F
>ipchains -X
>ipchains -N br0 (yep it's called the same as my bridge)
>
>ipchains -A br0 -b -p tcp -s 212.219.8.188 22 -d 0/0 22 -j ACCEPT
>ipchains -A br0 -p tcp -j DENY
>
>as far as I can work out this should block all tcp protocols getting through
>except ssh (22).

In your configuration you are accepting only connections that
have BOTH source and destination ports 22. SSH, like most of the TCP protocols,
however uses a different (and random) source port, for example 1228. So I recommend
trying

ipchains -A br0 -p tcp -s 212.219.8.188 -d 0/0 22 -j ACCEPT
ipchains -A br0 -p tcp -s 0/0 -d 212.219.8.188 22 -j ACCEPT

thus allowing any source port but only 22 as destination port.

--
* |_/ ~~""~~. *
* L a m m a z (" ) ~ ) lammaz@lammaz.net *
* ------------- v ( ~____ ~) ------------------------- *
* Mikko Lammi | | | | www.lammaz.net *
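
The port matching discussed in this thread, as an added example that is not part of the original message and is not ipchains code: a small first-match model of both rule sets, run over constructed TCP packets. The peer address 192.0.2.10, the `Rule` class and the `RETURN` fall-through value are assumptions of the model; the host address and port 1228 come from the thread.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

HOST, PEER, ANY = "212.219.8.188", "192.0.2.10", "0.0.0.0/0"  # PEER is constructed

@dataclass(frozen=True)
class Rule:                        # hypothetical model of one "-p tcp" rule
    target: str
    src: str = ANY
    sport: Optional[int] = None    # None means any port
    dst: str = ANY
    dport: Optional[int] = None

    def matches(self, pkt):
        s, sp, d, dp = pkt
        return (ip_address(s) in ip_network(self.src)
                and ip_address(d) in ip_network(self.dst)
                and self.sport in (None, sp)
                and self.dport in (None, dp))

def bidirectional(rule):
    """Model of -b: the rule plus its mirror (source and destination swapped)."""
    return [rule, Rule(rule.target, rule.dst, rule.dport, rule.src, rule.sport)]

def verdict(chain, pkt):
    """First matching rule decides; each packet is judged alone, no state."""
    for rule in chain:
        if rule.matches(pkt):
            return rule.target
    return "RETURN"                # assumption: fell off the end of the chain

# Rule set from the question: both ports must be 22.
ORIGINAL = bidirectional(Rule("ACCEPT", HOST, 22, ANY, 22)) + [Rule("DENY")]
# Rule set from the reply: any source port, destination port 22.
SUGGESTED = [Rule("ACCEPT", src=HOST, dport=22),
             Rule("ACCEPT", dst=HOST, dport=22),
             Rule("DENY")]

# Constructed packets: (source address, source port, dest address, dest port)
PACKETS = {
    "ssh_out":   (HOST, 1228, PEER, 22),   # host connects out to a peer's sshd
    "ssh_in":    (PEER, 1228, HOST, 22),   # peer connects to the host's sshd
    "ssh_reply": (PEER, 22, HOST, 1228),   # sshd answering ssh_out
    "http_in":   (PEER, 1228, HOST, 80),   # non-SSH traffic
}

def evaluate(chain):
    return {name: verdict(chain, pkt) for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for label, chain in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        print(label, evaluate(chain))
```

In this model the original chain denies every packet whose source port is not 22, and the suggested chain accepts both packets addressed to port 22. The `ssh_reply` packet, sent from port 22 back to port 1228, still reaches DENY under the suggested rules because each packet is matched on its own with no connection state.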