TCLUG Archive

IPCHAINS with 1 Netcard (Off Subject?)



Ok, is it possible to selectively allow and deny protocols/ports with one
netcard?  I have a netcard (eth0) @ 206.191.221.134/255.255.255.0.
I want to allow SMTP, POP-3, and HTTP to everyone.  SSH on port 22 to two
different subnets, 206.191.221.0/255.255.255.0 and 63.224.*.*/24.  Also I
want to be able to telnet from my box to other hosts on the network....
And to accept Samba data from one specific box..... And DENY everything to
bitstream.net if possible......

I've attached the script I created, but it denies a little too much!
Thanks for the help in advance.


_____________________________________________________________________________________________________________________________
						Jonathan Kline, A+
					     jonathankl@ism-sabis.net
					      Webmaster and Ast Admin


--BEGIN GEEK CODE BLOCK--
Version 3.12
GCM d s+:+ a--- C++ UL++++ p+ L+++ E---- W++ N++ o+ K- w
o M-- V- PS+++ PE++ Y+ PGP++ t+++ S-- X+++ R+++ tv++ b++ DI++ D++
G e- h++ r-- !y+
--END GEEK CODE BLOCK--

_____________________________________________________________________________________________________________________________
#ISM Students' Firewall
#Established By Jonathan Kline
#
#Flush any active rules and disable the firewall while we make a new one
echo "Flushing rulesets."
echo -n
ipchains -F input
ipchains -F output
#The LoopBack Interface is allowed free range?
echo "Setting up Loopback Interface."
echo -n
ipchains -A input -i lo -s 0/0 -d 0/0 -j ACCEPT
#
#DENY Everything
echo "Deny ALL."
echo -n
ipchains -A input -i eth0 --dport 1:65535 -p tcp -j DENY
ipchains -A input -i eth0 --dport 1:65535 -p udp -j DENY
#
#Block Bitstream -- Andrew's Domain (Known Cracker)
#echo "Denying Bitstream Underground"
#echo -n
#ipchains -A input -l -s bitstream.net -d 206.191.221.134/24 -j REJECT
#
#Allow Incoming/Outgoing Services for Email, HTTP, POP-3
echo "Allow Email, SMTP, POP-3, HTTP, and SSH."
echo -n
ipchains -A input -i eth0 -s 0/0 -d 0/0 25 -p tcp -j ACCEPT
ipchains -A output -i eth0 -s 0/0 -d 0/0 25 -p tcp -j ACCEPT
ipchains -A input -i eth0 -s 0/0 -d 0/0 22 -p tcp -j ACCEPT
ipchains -A output -i eth0 -s 0/0 -d 0/0 22 -p tcp -j ACCEPT
ipchains -A input -i eth0 -s 0/0 -d 0/0 80 -p tcp -j ACCEPT
ipchains -A output -i eth0 -s 0/0 -d 0/0 80 -p tcp -j ACCEPT
ipchains -A input -i eth0 -s 0/0 -d 0/0 110 -p tcp -j ACCEPT
ipchains -A output -i eth0 -s 0/0 -d 0/0 110 -p tcp -j ACCEPT
#
#Allow Samba File Sharing From ISM1(206.191.221.51/24)
echo "Allow SAMBA file sharing from ISM1."
echo -n
ipchains -A input -p tcp -s 206.191.221.51/24 -d 206.191.221.134/24 139 -j ACCEPT
ipchains -A input -p udp -s 206.191.221.51/24 -d 206.191.221.134/24 139 -j ACCEPT
ipchains -A output -p tcp -s 206.191.221.51/24 -d 206.191.221.134/24 139 -j ACCEPT
ipchains -A output -p udp -s 206.191.221.51/24 -d 206.191.221.134/24 139 -j ACCEPT
#Let Us Telnet to Sabis
echo "Enable Telnet to Internal Net."
echo -n
ipchains -A input -s 206.191.221.0/255.255.255.0 -d 206.191.221.0/255.255.255.0 23 -p tcp -j ACCEPT
ipchains -A output -s 206.191.221.0/255.255.255.0 -d 206.191.221.0/255.255.255.0 23 -p tcp -j ACCEPT
#Open the high ports to allow outside access and services to operate
ipchains -A input -p tcp -s 0/0 -d 206.191.221.134/255.255.255.0 1025:65535 -j ACCEPT
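Added example, not the poster's script: the policy the post asks for, with the rules in the order ipchains needs. ipchains stops at the first rule that matches a packet, so a catch-all DENY appended before the ACCEPTs (as in the posted script) swallows everything that follows it. Reading "63.224.*.*" as 63.224.0.0/16 and falling back to printing the rules when ipchains is not installed are assumptions of this example.

```shell
#!/bin/sh
# Added example (not the poster's script). ipchains evaluates a chain top
# to bottom and the FIRST matching rule wins, so every ACCEPT must be
# appended before the catch-all DENY; the posted script does the reverse.
# On a host without ipchains the rules are printed instead of loaded.
IPCHAINS="${IPCHAINS:-ipchains}"
command -v "$IPCHAINS" >/dev/null 2>&1 || IPCHAINS=echo

ME=206.191.221.134            # eth0 address from the post
LAN=206.191.221.0/24          # local subnet from the post
SSH_NET2=63.224.0.0/16        # assumption: "63.224.*.*" read as a /16
SAMBA_HOST=206.191.221.51     # ISM1 from the post (a single host, so no /24)

build_rules() {
    $IPCHAINS -F input
    $IPCHAINS -F output
    # Default policies: nothing comes in unless a rule below accepts it;
    # outbound traffic (telnet from this box, etc.) is left open.
    $IPCHAINS -P input DENY
    $IPCHAINS -P output ACCEPT
    $IPCHAINS -A input -i lo -j ACCEPT
    # Services open to everyone: SMTP, HTTP, POP-3
    for port in 25 80 110; do
        $IPCHAINS -A input -i eth0 -p tcp -s 0/0 -d "$ME" "$port" -j ACCEPT
    done
    # SSH only from the two permitted subnets
    $IPCHAINS -A input -i eth0 -p tcp -s "$LAN" -d "$ME" 22 -j ACCEPT
    $IPCHAINS -A input -i eth0 -p tcp -s "$SSH_NET2" -d "$ME" 22 -j ACCEPT
    # Samba from one box only: NetBIOS session (139/tcp) plus name and
    # datagram services (137-138/udp)
    $IPCHAINS -A input -i eth0 -p tcp -s "$SAMBA_HOST" -d "$ME" 139 -j ACCEPT
    $IPCHAINS -A input -i eth0 -p udp -s "$SAMBA_HOST" -d "$ME" 137:138 -j ACCEPT
    # Replies to connections this box opened (telnet out, etc.): accept
    # TCP to unprivileged ports only when SYN is not set (! -y), which is
    # narrower than the posted 1025:65535 rule that also let brand-new
    # connections in.
    $IPCHAINS -A input -i eth0 -p tcp ! -y -s 0/0 -d "$ME" 1024:65535 -j ACCEPT
    # Catch-all last, logged (-l) so dropped packets appear in the kernel log
    $IPCHAINS -A input -i eth0 -l -j DENY
}

build_rules
```

Run with IPCHAINS=echo to review the generated rule order before loading it on the real host.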