[lug] IPCHAINS again.
Kevin Fenzi
kevin at scrye.com
Tue Oct 17 11:38:34 MDT 2000
>>>>> "John" == John Starkey <jstarkey at advancecreations.com> writes:
John> I'm setting up a remote machine, so I don't wanna lock myself
John> out, and as many of you know I have really bad luck with
John> ipchains.
John> ipchains -P input DENY ipchains -P output DENY ipchains -P
John> forward DENY
John> ipchains -A input -p tcp -s xx.xx.xx.xx -d xx.xx.xx.xx 22 -j
John> ACCEPT ipchains -A output -p tcp -s xx.xx.xx.xx -d xx.xx.xx.xx
John> 22 -j ACCEPT
John> This should allow me to SSH in while I config the rest of the
John> rulesets, correct??
almost.
The output rule is wrong...
you have:
ipchains -A output -p tcp -s xx.xx.xx.xx -d xx.xx.xx.xx 22 -j ACCEPT
What you want is:
ipchains -A output -p tcp -s xx.xx.xx.xx 22 -d xx.xx.xx.xx -j ACCEPT
ie, for the output rule, the source will be the local machine's IP
port 22 (ssh) and going to your machine (any port)
John> Thanks,
John> John
kevin
--
Kevin Fenzi
MTS, tummy.com, ltd.
http://www.tummy.com/ KRUD - Kevin's Red Hat Uber Distribution
More information about the LUG
mailing list