Blocking Outside

Subba Rao subb3 at ibm.net
Mon Aug 2 08:48:29 EDT 1999


Hello,

I am trying to implement rules in the INPUT chain to block all outside connections to the GW or LAN hosts.
My LAN uses the 10.x.x.x scheme. The GW is the Masquerading host. I want my LAN hosts to connect
to the Internet. This is what I did:

$ ipchains -A input -s 10.0.0.1 0: -p TCP -j ACCEPT

At the end of the chain, if I add,

$ ipchains -A input -s 0.0.0.0/0 0: -p TCP -j DENY   # to reject all other hosts

my systems cannot access the Internet. If I delete the DENY rule, then my hosts can connect to the Internet.
However, I want to block outside access to my LAN. I want to block even "ping" and "traceroute" requests
from the outside.

How can I achieve this? If someone has implemented the chain rules for a similar setup, I would appreciate
you sharing your rules (with fake addresses).

Thank you.

Subba Rao
subb3 at ibm.net
==============================================================
Disclaimer - I question and speak for myself.

http://pws.prserv.net/truemax/
______________________________________________________________
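
Why the catch-all DENY described above also cuts the LAN hosts off from the Internet, as an added example that is not part of the original post: a simplified first-match model of the input chain, TCP only. The interface names eth0/eth1, the address 203.0.113.10 and the SYN-only variant of the DENY rule (the match that ipchains' `-y` option performs) are assumptions for illustration.

```python
# Simplified model of first-match evaluation on an ipchains "input" chain.
# TCP only; all packets and addresses below are constructed sample values.
from ipaddress import ip_address, ip_network

def rule(src, target, syn_only=False, iface=None):
    return {"src": ip_network(src), "target": target,
            "syn_only": syn_only, "iface": iface}

def packet(src, iface, syn=False, ack=False):
    return {"src": ip_address(src), "iface": iface, "syn": syn, "ack": ack}

def verdict(chain, pkt, policy="ACCEPT"):
    """Return the target of the first matching rule, else the chain policy."""
    for r in chain:
        if pkt["src"] not in r["src"]:
            continue
        if r["iface"] and r["iface"] != pkt["iface"]:
            continue
        # SYN-only match: SYN set and ACK clear, i.e. a new connection attempt.
        if r["syn_only"] and not (pkt["syn"] and not pkt["ack"]):
            continue
        return r["target"]
    return policy

# The two rules as posted: accept the LAN host, deny every other TCP source.
POSTED = [rule("10.0.0.1/32", "ACCEPT"),
          rule("0.0.0.0/0", "DENY")]

# Assumed variant: deny only new connection attempts arriving on the
# external interface (hypothetically eth0), so replies still get through.
SYN_ONLY = [rule("10.0.0.1/32", "ACCEPT"),
            rule("0.0.0.0/0", "DENY", syn_only=True, iface="eth0")]

OUTBOUND = packet("10.0.0.1", "eth1", syn=True)                # LAN host opens a connection
REPLY = packet("203.0.113.10", "eth0", syn=True, ack=True)     # server's SYN+ACK coming back
PROBE = packet("203.0.113.10", "eth0", syn=True)               # unsolicited inbound connect

if __name__ == "__main__":
    for name, chain in (("posted", POSTED), ("syn-only", SYN_ONLY)):
        for label, pkt in (("outbound", OUTBOUND), ("reply", REPLY), ("probe", PROBE)):
            print(f"{name:9} {label:9} -> {verdict(chain, pkt)}")
```

The reply to an outbound connection enters through the same input chain with an Internet source address, so the posted catch-all rule drops it. Ping and traceroute carry no SYN flag and would need their own ICMP/UDP rules, which this model does not cover.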

