iptables questions

Willem van der Walt wvdwalt at csir.co.za
Wed Jul 12 05:23:00 EDT 2006



On Tue, 11 Jul 2006, Tyler Littlefield wrote:

> Hello list,
> I tried running endoshield, and got a ton of errors.
> So, now I will try to do it manually. I'm going through a tutorial now, and I have a couple questions.
> I can do the following.
> iptables -A INPUT -p tcp --dport 2200 -j ACCEPT
> iptables -A INPUT -p tcp --sport 2200 -j ACCEPT
> to allow for the traffic on port 2200 to go through. I think.
> But, let's say I create a rule for each port. The ones I want to allow, and the ones I don't want to allow.
> I think I can use a -s to make it only local if I want.
> Then, how would I block the ports that I haven't created rules for?
iptables -P INPUT DROP

>
> Next, if I set up the box as a DMZ, in front of the router, is there a way
> that I can make it manage all traffic coming in and out of the network?
> Just like the router would?
Yes, use two NICs, bring your router in on the external one and your LAN
on the internal one.
HTH, Willem

> Thanks,

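Added example (not part of the original message): the default-deny approach from the reply, written as a shell function that prints a complete ruleset in iptables-restore format so the DROP policy and the allow rules load together rather than one command at a time. The interface names, the LAN subnet, the `port:local` notation and the extra port 22 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: eth0 = external NIC,
# eth1 = LAN NIC, LAN = 192.168.1.0/24. Port 2200 is the one from the question.
EXT_IF=eth0
LAN_IF=eth1
LAN_NET=192.168.1.0/24

# emit_rules SPEC...  where SPEC is "port" (any source) or "port:local"
# (LAN sources only). Prints a ruleset in iptables-restore format.
emit_rules() {
    for spec in "$@"; do                 # validate everything before printing
        port=${spec%%:*}
        case $port in ''|*[!0-9]*|??????*) echo "bad spec: $spec" >&2; return 1 ;; esac
        case ${spec#"$port"} in ''|:local) ;; *) echo "bad spec: $spec" >&2; return 1 ;; esac
        if ! { [ "$port" -ge 1 ] && [ "$port" -le 65535 ]; }; then
            echo "bad port: $spec" >&2; return 1
        fi
    done
    echo '*filter'
    # Default policies: traffic matching no rule below is dropped.
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    # Replies to connections already allowed; no per-port --sport rule needed.
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for spec in "$@"; do
        port=${spec%%:*}
        case $spec in
            *:local) echo "-A INPUT -p tcp -s $LAN_NET --dport $port -j ACCEPT" ;;
            *)       echo "-A INPUT -p tcp --dport $port -j ACCEPT" ;;
        esac
    done
    # Two-NIC gateway: the LAN may open connections outward; only replies return.
    echo "-A FORWARD -i $LAN_IF -o $EXT_IF -s $LAN_NET -j ACCEPT"
    echo "-A FORWARD -i $EXT_IF -o $LAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo 'COMMIT'
}

# Print for review. To load atomically as root: emit_rules 2200 22:local | iptables-restore
emit_rules 2200 22:local
```

Loading the rules in one step avoids the window where `iptables -P INPUT DROP` is active on a remote session before the matching ACCEPT rules exist. Forwarding between the two NICs also requires `net.ipv4.ip_forward=1` on the gateway.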




