[Bridge] ipchains problem

Mikko Lammi lammaz@lammaz.net
Thu, 17 Aug 2000 18:23:16 +0300

At 17:43 17.8.2000 , you wrote:
>I would like to use the bridge to firewall using ipchains.
>
>I have managed to set up a perfectly working bridge now, but when I try and
>set up the ipchains, I get very spurious results.
>
>my simple example is below
>
> ----- Firewall ----- Anything else
>
>my ipchains script is as follows….
>
>ipchains -F
>ipchains -X
>ipchains -N br0 (yep its called the same as my bridge)
>
>ipchains -A br0 -b -p tcp -s 22 -d 0/0 22 -j ACCEPT
>ipchains -A br0 -p tcp -j DENY
>
>as far as I can work out this should block all tcp protocols getting through
>except ssh (22).

In your configuration you are accepting only connections that
have BOTH source and destination ports 22. SSH, like most of the TCP protocols,
however uses different (and random) source port, for example 1228. So I recommend
trying

ipchains -A br0 -p tcp -s -d 0/0 22 -j ACCEPT
ipchains -A br0 -p tcp -s 0/0 -d 22 -j ACCEPT

thus allowing any source port but only 22 as destination port.

--
Mikko Lammi | lammaz@lammaz.net | www.lammaz.net
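
Added example, not part of the original thread and not ipchains itself: a small Python model of a first-match packet filter, run against an SSH client using source port 1228 as in the reply above. It assumes the chain is stateless and goes one step beyond the thread by also evaluating the return packet, with the `bidir` field standing in for the `-b` flag; the class and rule-set names are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:              # every packet in this model is TCP
    sport: int
    dport: int

@dataclass(frozen=True)
class Rule:
    target: str                  # "ACCEPT" or "DENY"
    sport: Optional[int] = None  # None means any port
    dport: Optional[int] = None
    bidir: bool = False          # models -b: also match with source and destination swapped

    def matches(self, p: Packet) -> bool:
        def hit(s, d):
            return self.sport in (None, s) and self.dport in (None, d)
        return hit(p.sport, p.dport) or (self.bidir and hit(p.dport, p.sport))

def verdict(chain, p, policy="ACCEPT"):
    """First matching rule wins; each packet is judged alone (assumed stateless)."""
    for rule in chain:
        if rule.matches(p):
            return rule.target
    return policy

# Constructed sample traffic: the client picks ephemeral source port 1228.
REQUEST = Packet(sport=1228, dport=22)   # client -> sshd
REPLY = Packet(sport=22, dport=1228)     # sshd -> client

DENY_TCP = Rule("DENY")                  # the final "-p tcp -j DENY" rule
# Quoted script: port 22 required on BOTH source and destination.
ORIGINAL = [Rule("ACCEPT", sport=22, dport=22, bidir=True), DENY_TCP]
# Destination port 22 only, any source port.
DEST_ONLY = [Rule("ACCEPT", dport=22), DENY_TCP]
# Same rule, mirrored so the return direction is matched as well.
DEST_BIDIR = [Rule("ACCEPT", dport=22, bidir=True), DENY_TCP]

def evaluate(chain):
    """Return (verdict for the request, verdict for the reply)."""
    return verdict(chain, REQUEST), verdict(chain, REPLY)

if __name__ == "__main__":
    for name, chain in [("both ports 22", ORIGINAL),
                        ("dest port 22", DEST_ONLY),
                        ("dest port 22, bidirectional", DEST_BIDIR)]:
        print(f"{name:30} request/reply = {evaluate(chain)}")
```

In this model the return packet carries source port 22 and destination port 1228, so it is only accepted when the rule is mirrored for that direction.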
