Victor Salvador
Occasional Contributor

Ipchains rules

I have Red Hat 7.1 and only have one ethernet card and one IP address. I try to filter telnet and ftp to work only with one remote PC, allow www for all and deny any other port, but when I apply the rules telnet, ftp and www don't work for any PC or locally; the icmp rules work fine. Here are the rules:
ipchains -A input -p icmp -s -j ACCEPT
ipchains -A input -p icmp -j DENY
ipchains -A input -p tcp -s ftp -j ACCEPT
ipchains -A input -p tcp -s ftp-data -j ACCEPT
ipchains -A input -p tcp -s telnet -j ACCEPT
ipchains -A input -p tcp -s 0.0.0.0/0 www -d 0.0.0.0/0 www -j ACCEPT
ipchains -A input -j DENY -l
Jeffrey S. Sims
Trusted Contributor

Re: Ipchains rules

Victor,

I am not sure about using ipchains to restrict these services but you can combine tcp wrappers and utilize the hosts.allow and hosts.deny files to restrict or disable access to services.

Enter something like the example below into your hosts.allow file to give access to telnet and ftp:

in.telnetd: 192.168.1.1
in.ftpd: 192.168.1.1

hosts.deny has the same syntax except it is used to restrict access to the services.

Hope this helps.

Bill Thorsteinson
Honored Contributor
Solution

Re: Ipchains rules

The input rules should be
-d -s
not
-s

I think ftp-data is the exception. Check your log file
for failures.

tcp-wrappers are a good way to further protect
services run through inetd (usually not http).
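Added example, not from any poster in this thread: a small first-match simulator for ipchains-style input rules that shows why the posted "-s <host> telnet" form (source port 23) drops the very connections it was meant to allow, and why the "-d <local> telnet" form (destination port 23) from the reply above accepts them. The local address 10.0.0.5, the permitted client 192.168.1.1 and the ephemeral client source ports are assumed and constructed for the demonstration.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

LOCAL, REMOTE = "10.0.0.5", "192.168.1.1"   # assumed: the box's own IP, the permitted client
ANY = "0.0.0.0/0"

# An ipchains-style TCP rule: port 0 means "any port", i.e. no port was given.
Rule = namedtuple("Rule", "src sport dst dport target",
                  defaults=(ANY, 0, ANY, 0, "ACCEPT"))
Packet = namedtuple("Packet", "src sport dst dport")

def matches(rule, pkt):
    return (ip_address(pkt.src) in ip_network(rule.src)
            and ip_address(pkt.dst) in ip_network(rule.dst)
            and rule.sport in (0, pkt.sport)
            and rule.dport in (0, pkt.dport))

def verdict(chain, pkt):
    """First matching rule decides, as in ipchains; no match falls through to the chain policy (ACCEPT here)."""
    for rule in chain:
        if matches(rule, pkt):
            return rule.target
    return "ACCEPT"

# The rules as posted: "-s <host> telnet" constrains the SOURCE port to 23.
ORIGINAL = [
    Rule(src=REMOTE, sport=21),               # -s <host> ftp
    Rule(src=REMOTE, sport=23),               # -s <host> telnet
    Rule(sport=80, dport=80),                 # -s 0/0 www -d 0/0 www
    Rule(target="DENY"),                      # -j DENY -l
]
# As the accepted answer says: match the local DESTINATION port instead.
FIXED = [
    Rule(src=REMOTE, dst=LOCAL, dport=21),    # -s <host> -d <local> ftp
    Rule(src=REMOTE, dst=LOCAL, dport=23),    # -s <host> -d <local> telnet
    Rule(dst=LOCAL, dport=80),                # -d <local> www
    Rule(target="DENY"),
]

# Constructed inbound connection attempts: a client's source port is ephemeral,
# so it is never 21, 23 or 80, which is exactly why the posted rules never hit.
TELNET_FROM_REMOTE = Packet(REMOTE, 40001, LOCAL, 23)
TELNET_FROM_OTHER = Packet("203.0.113.7", 40002, LOCAL, 23)
WWW_FROM_OTHER = Packet("203.0.113.7", 40003, LOCAL, 80)

if __name__ == "__main__":
    for name, pkt in [("telnet from allowed host", TELNET_FROM_REMOTE),
                      ("telnet from other host", TELNET_FROM_OTHER),
                      ("www from other host", WWW_FROM_OTHER)]:
        print(f"{name:25} original={verdict(ORIGINAL, pkt):6} fixed={verdict(FIXED, pkt)}")
```

Note that ipchains is stateless, so a real rule set also needs input rules for the reply packets of connections the box itself opens; the simulator only covers the inbound-connection case discussed in the thread.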



Elliot Nesterman
Occasional Advisor

Re: Ipchains rules

Dude. ipchains sucks!

iptables Rulez!

(Sorry, I couldn't resist.)
The closer you are to the code, the happier you are. - Ancient Geek Proverb