
BLU Discuss list archive



Blocking Outside



Rumor has it that www.fwtk.org has an ipchains FAQ and example page.

I haven't been there.  See what you think.

HTH,

Chuck Young
GTE Internetworking

On Mon, 2 Aug 1999, Subba Rao wrote:

> Date: Mon, 02 Aug 1999 08:48:29 -0400 (EDT)
> From: Subba Rao <subb3 at ibm.net>
> To: Boston Linux Users Group <discuss at Blu.Org>
> Subject: Blocking Outside
> 
> Hello,
> 
> I am trying to implement rules in the INPUT chain, to block all outside connections to the GW or LAN hosts.
> My LAN uses the 10.x.x.x scheme. The GW is the Masquerading host. I want my LAN hosts to connect
> to the Internet. This is what I did,
> 
> $ ipchains -A input -s 10.0.0.1 0: -p TCP -j ACCEPT
> 
> At the end of the chain, if I add,
> 
> $ ipchains -A input -s 0.0.0.0/0 0: -p TCP -j DENY   #to reject all other hosts
> 
> my systems cannot access the Internet. If I delete the DENY rule, then my hosts can connect to the Internet.
> However, I want to block outside access to my LAN. I want to block even "ping" and "traceroute" requests
> from the outside.
> 
> How can I achieve this? If someone, has implemented the chain rules, for a similar setup, I would appreciate
> you sharing your rules (with fake addresses). 
> 
> Thank you.
> 
> Subba Rao
> subb3 at ibm.net
> ==============================================================
> Disclaimer - I question and speak for myself.
> 
> http://pws.prserv.net/truemax/
> ______________________________________________________________
> 
> 
> -
> Subscription/unsubscription/info requests: send e-mail with
> "subscribe", "unsubscribe", or "info" on the first line of the
> message body to discuss-request at blu.org (Subject line is ignored).
> 
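Added example, not part of the thread: a small Python model of a stateless, first-match input chain, showing why a catch-all TCP DENY also drops the replies to masqueraded connections, and how denying only connection-opening SYNs (`ipchains -y`) and ICMP echo-request on the outside interface behaves instead. The interface names (eth0 outside, eth1 LAN), the addresses, and the ACCEPT default policy are assumptions.

```python
# Added illustration: first-match, stateless filter modelled on an ipchains
# input chain. All addresses and interface names below are constructed.
from ipaddress import ip_address, ip_network

def rule(target, src="0.0.0.0/0", proto=None, iface=None, syn=None, icmp=None):
    return dict(target=target, src=ip_network(src), proto=proto,
                iface=iface, syn=syn, icmp=icmp)

def pkt(src, proto, iface, syn=False, icmp=None):
    # syn=True means "SYN set, ACK clear", i.e. what ipchains -y matches.
    return dict(src=ip_address(src), proto=proto, iface=iface, syn=syn, icmp=icmp)

def verdict(chain, p, policy="ACCEPT"):
    """Return the target of the first rule matching packet p, else the policy."""
    for r in chain:
        if p["src"] not in r["src"]:
            continue
        if r["proto"] and r["proto"] != p["proto"]:
            continue
        if r["iface"] and r["iface"] != p["iface"]:
            continue
        if r["syn"] is not None and r["syn"] != p["syn"]:
            continue
        if r["icmp"] and r["icmp"] != p["icmp"]:
            continue
        return r["target"]
    return policy

# The chain from the question: accept the LAN source, then deny all TCP.
AS_POSTED = [rule("ACCEPT", src="10.0.0.1", proto="tcp"),
             rule("DENY", proto="tcp")]

# Alternative: on the outside interface deny only new connections and pings;
# everything else (including replies) falls through to the policy.
SYN_ONLY = [rule("DENY", proto="tcp", iface="eth0", syn=True),
            rule("DENY", proto="icmp", iface="eth0", icmp="echo-request")]

# Constructed packets as they would arrive at the gateway's input chain.
LAN_OUT = pkt("10.0.0.1", "tcp", "eth1", syn=True)      # LAN host opens a connection
REPLY   = pkt("192.0.2.80", "tcp", "eth0", syn=False)   # remote server's SYN/ACK
NEW_IN  = pkt("198.51.100.7", "tcp", "eth0", syn=True)  # outside host connecting in
PING_IN = pkt("198.51.100.7", "icmp", "eth0", icmp="echo-request")

def summarize(chain):
    """Verdicts for LAN_OUT, REPLY, NEW_IN, PING_IN, in that order."""
    return [verdict(chain, p) for p in (LAN_OUT, REPLY, NEW_IN, PING_IN)]
```

The model covers TCP and ICMP only; UDP traffic would need its own rules.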
