TCLUG Archive

Re: [TCLUG:13767] IPCHAINS again...



On Sun, 20 Feb 2000, Ryan Hankins wrote:

> 
> > Anyone know what I'm doing wrong now?...
> 
> TCP connections send packets in two ways, of course, regardless of the
> direction from which they are initiated.  What you are doing in this
> case is to block packets coming into your machine.  What you really want
> to do is to block packets that are in streams where the SYN packets did
> not originate from your machine, meaning that another computer initiates
> the stream, not your computer.  You can do this using the -y option to
> ipchains.
> 
> Consider using a rule like this:
> 
> ipchains -A input -p tcp -s 0/0 -d 0/0 -j DENY -y -l
> 
> Such a rule allows only tcp connections that are started by your
> machine, and not ones that are initiated from the outside.  Do not think
> that you can write one ipchains rule that will in itself create a
> firewall; such a rule will be either quite insecure, or it will (as in
> the case you mentioned) be so secure that it will be overly limiting.
> 
> I recommend you take a look at the ipchains howto:
> 
> http://howto.tucows.com/LDP/HOWTO/IPCHAINS-HOWTO-4.html
> 
> Especially look at section 4.1: Specifying TCP SYN Packets Only
> 
> -R
> 

Erm, yeah, I suppose I should have read the original post.. the line I
gave you will block _all_ incoming, so you have to allow any incoming
traffic you would like, including responses to anything you send out, with
the -j ACCEPT flag... read the HOWTO, it should tell you what you need to
know.

-- 
Nate Carlson <carlson@real-time.com>    | Phone : (612)943-8700
http://www.real-time.com                | Fax   : (612)943-8500
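As an added illustration that is not part of the thread, a small Python model of how an ipchains input chain evaluates the rule discussed above. It assumes the HOWTO's definition of -y (match TCP packets with SYN set and ACK and FIN clear); the packets and rule lists are constructed for the example, and -s 0/0 -d 0/0 is omitted because it matches every address.

```python
# Added example (not from the mailing list): model ipchains "-y" matching to
# show which inbound packets "-p tcp -j DENY -y" drops versus the same rule
# without -y, which drops every inbound TCP packet including replies.
from dataclasses import dataclass, field


@dataclass
class Packet:
    proto: str                               # "tcp", "udp", ...
    flags: set = field(default_factory=set)  # TCP flags, e.g. {"SYN", "ACK"}


@dataclass
class Rule:
    target: str              # "DENY" or "ACCEPT"
    proto: str = None        # None matches any protocol
    syn_only: bool = False   # True models the -y option

    def matches(self, pkt: Packet) -> bool:
        if self.proto is not None and pkt.proto != self.proto:
            return False
        if self.syn_only:
            # -y: SYN set, ACK and FIN clear, i.e. a connection-opening packet
            if pkt.proto != "tcp":
                return False
            if "SYN" not in pkt.flags or "ACK" in pkt.flags or "FIN" in pkt.flags:
                return False
        return True


def input_chain(rules, pkt, policy="ACCEPT"):
    """Walk the chain in order; the first matching rule decides, else the policy."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.target
    return policy


# Constructed sample packets arriving at the input chain.
NEW_INBOUND = Packet("tcp", {"SYN"})          # another host opening a connection to us
REPLY_TO_US = Packet("tcp", {"SYN", "ACK"})   # a server answering a SYN we sent
DATA_TO_US = Packet("tcp", {"ACK"})           # later data on a connection we opened

SYN_ONLY_DENY = [Rule("DENY", proto="tcp", syn_only=True)]  # ipchains -A input -p tcp -j DENY -y
ALL_TCP_DENY = [Rule("DENY", proto="tcp")]                  # same rule without -y


def verdicts(rules):
    """Return the chain's verdict for each sample packet, keyed by packet name."""
    samples = [("new_inbound", NEW_INBOUND), ("reply", REPLY_TO_US), ("data", DATA_TO_US)]
    return {name: input_chain(rules, pkt) for name, pkt in samples}
```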