TCLUG Archive

Re: [TCLUG:5678] ipchains script



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sometime around the 29th of April in 1999, a certain Ben Luey said:

: Here is my ipchains script. It allows smtp and web from anywhere. telnet
: and ftp from trusted hosts, ssh from anywhere, but #ed out.
:
: To connect to an ssh server via ssh (version 1) you need port 1023 open.

Okay, I just can't get these damned ipchains to work. I can
set up all my rules, it all looks fine, a visual path-following
seems correct, and using the packet-checking option (-C) says
it's working fine ..

.. but if I've got the default input policy set to DENY, none of
my packets get through (even for rules specified to accept),
and if I've got it set to ACCEPT, any packet can get through,
even if it's specified as DENY.

I'm pissed.

I'm not going to post my rc.ipchains script until I've got it
working (it's fugly, and about 9k), or unless someone requests
it.

I even tried using your script, Ben (just modified the hosts),
and it doesn't block a 'telnet <my ip> 5555', for example, even
though 5555 has no rule (thus defaulting to the last DENY
rule).

- --
[----------------------------------------------------------------------]
| Joshua Becker                    - aka -                      JellyD |
| email: jellyd@jellyd.org                          IRC: EFnet, DALnet |
[----------------------------------------------------------------------]

-----BEGIN PGP SIGNATURE-----
Version: GNUPG v0.4.3 (GNU/Linux)
Comment: For info finger gcrypt@ftp.guug.de

iD8DBQE3KVPScmkpI69BOLwRAkyJAKCxwrKJw8MpHLaiGbPYPtQA7LTyWACeI83I
VZDQUxGIIqZ9cMHuPU6eSjE=
=Msl3
-----END PGP SIGNATURE-----