Affordable web hosting - # We accept all outgoing TCP connection requests

# We accept all outgoing TCP connection requests on allowed TCP ports.
$IPCHAINS -A input -p tcp -i $OURDEV -d $ANYADDR $TCPOUT -y -j accept

# UDP - INCOMING
# We will allow UDP datagrams in on the allowed ports.
$IPCHAINS -A input -p udp -i $ANYDEV -d $OURNET $UDPIN -j accept

# UDP - OUTGOING
# We will allow UDP datagrams out on the allowed ports.
$IPCHAINS -A input -p udp -i $OURDEV -d $ANYADDR $UDPOUT -j accept

# ICMP - INCOMING
# We will allow ICMP datagrams in of the allowed types.
# (ipchains has no -w option; the interface selector is -i. Note also that
# these two ICMP rules reuse the UDP port variables: with -p icmp the value
# after the address is read as an ICMP type/code, not a UDP port, so a
# separate list of allowed ICMP types belongs here.)
$IPCHAINS -A input -p icmp -i $ANYDEV -d $OURNET $UDPIN -j accept

# ICMP - OUTGOING
# We will allow ICMP datagrams out of the allowed types.
$IPCHAINS -A input -p icmp -i $OURDEV -d $ANYADDR $UDPOUT -j accept

# DEFAULT and LOGGING
# All remaining datagrams fall through to the default
# rule and are dropped. They will be logged if you've
# configured the LOGGING variable above.
#
if [ "$LOGGING" ]
then
        # Log barred TCP
        $IPCHAINS -A input -p tcp -l -j reject

        # Log barred UDP
        $IPCHAINS -A input -p udp -l -j reject

        # Log barred ICMP
        $IPCHAINS -A input -p icmp -l -j reject
fi
#
# end.

In our iptables example, we've switched to using the FORWARD ruleset because the INPUT chain means something different in the netfilter implementation: it sees only datagrams addressed to the firewall host itself, never datagrams being forwarded between interfaces. This has implications for us; it means that none of the FORWARD rules protect the firewall host itself. To accurately mimic our ipchains example, we would replicate each of our rules in the INPUT chain. For clarity, we've instead dropped all incoming datagrams received on our outside interface.

#!/bin/bash
##########################################################################
# IPTABLES VERSION
# This sample configuration is for a single host firewall configuration
# with no services supported by the firewall machine itself.
##########################################################################

# USER CONFIGURABLE SECTION

# The name and location of the iptables utility.
IPTABLES=iptables

# The path to the iptables executable.
PATH="/sbin"

# Our internal network address space and its supporting network device.
OURNET="172.29.16.0/24"
OURBCAST="172.29.16.255"
OURDEV="eth0"
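The following is an added example, not the book's script, of the iptables layout the paragraph above describes: forwarded traffic is filtered in FORWARD, while the firewall host protects itself with a single INPUT rule that drops everything arriving on the outside interface. The outside interface name ANYDEV, the port and ICMP-type lists, and the use of the conntrack state match for reply traffic (in place of the ipchains -y/! -y flag tricks) are assumptions of this example. Setting IPTABLES=echo turns it into a dry run that prints the rule set instead of loading it.

```shell
#!/bin/sh
# Added example of the FORWARD/INPUT split described above (not the book's
# own script). IPTABLES=echo prints the rules instead of loading them.

IPTABLES="${IPTABLES:-iptables}"   # assumption: iptables on PATH, or "echo" for a dry run

# Addresses and interfaces. OURNET/OURDEV are the page's values; ANYDEV is assumed.
OURNET="172.29.16.0/24"
OURDEV="eth0"            # inside interface
ANYADDR="0.0.0.0/0"
ANYDEV="eth1"            # outside interface (assumed name)

# Allowed services as numeric ports and ICMP types (assumed policy).
TCPIN="25 80"            # smtp, www inbound to our network
TCPOUT="25 80 21"        # smtp, www, ftp outbound from our network
UDPIN="53"               # domain replies in
UDPOUT="53"              # domain queries out
ICMPIN="0 3 11"          # echo-reply, dest-unreachable, time-exceeded in
ICMPOUT="8 3 11"         # echo-request, dest-unreachable, time-exceeded out
LOGGING="${LOGGING:-}"   # set non-empty to log dropped forwarded datagrams

load_rules() {
    # Default deny: anything not explicitly accepted below is dropped.
    $IPTABLES -P INPUT DROP
    $IPTABLES -P FORWARD DROP
    $IPTABLES -P OUTPUT ACCEPT
    $IPTABLES -F INPUT
    $IPTABLES -F FORWARD

    # INPUT protects the firewall host only (it never sees forwarded traffic),
    # so rather than duplicate every rule we drop all datagrams that arrive on
    # the outside interface and admit only our own network on the inside one.
    $IPTABLES -A INPUT -i lo -j ACCEPT
    $IPTABLES -A INPUT -i "$ANYDEV" -j DROP
    $IPTABLES -A INPUT -i "$OURDEV" -s "$OURNET" -j ACCEPT

    # Anti-spoofing: our own addresses must never arrive from outside.
    $IPTABLES -A FORWARD -i "$ANYDEV" -s "$OURNET" -j DROP

    # Replies to connections already accepted, in either direction.
    $IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # TCP - INCOMING: connection requests from outside to allowed ports.
    for port in $TCPIN; do
        $IPTABLES -A FORWARD -p tcp -i "$ANYDEV" -o "$OURDEV" -d "$OURNET" \
            --dport "$port" --syn -j ACCEPT
    done
    # TCP - OUTGOING: connection requests from inside to allowed ports.
    for port in $TCPOUT; do
        $IPTABLES -A FORWARD -p tcp -i "$OURDEV" -o "$ANYDEV" -s "$OURNET" \
            -d "$ANYADDR" --dport "$port" --syn -j ACCEPT
    done
    # UDP - INCOMING / OUTGOING on the allowed ports.
    for port in $UDPIN; do
        $IPTABLES -A FORWARD -p udp -i "$ANYDEV" -o "$OURDEV" -d "$OURNET" --dport "$port" -j ACCEPT
    done
    for port in $UDPOUT; do
        $IPTABLES -A FORWARD -p udp -i "$OURDEV" -o "$ANYDEV" -s "$OURNET" --dport "$port" -j ACCEPT
    done
    # ICMP - matched by ICMP type, not by a UDP port list.
    for type in $ICMPIN; do
        $IPTABLES -A FORWARD -p icmp -i "$ANYDEV" -o "$OURDEV" -d "$OURNET" --icmp-type "$type" -j ACCEPT
    done
    for type in $ICMPOUT; do
        $IPTABLES -A FORWARD -p icmp -i "$OURDEV" -o "$ANYDEV" -s "$OURNET" --icmp-type "$type" -j ACCEPT
    done

    # DEFAULT and LOGGING: iptables has no -l flag; the LOG target records the
    # datagram before it falls through to the chain's DROP policy.
    if [ -n "$LOGGING" ]; then
        $IPTABLES -A FORWARD -p tcp -j LOG --log-prefix "fw-tcp-drop: "
        $IPTABLES -A FORWARD -p udp -j LOG --log-prefix "fw-udp-drop: "
        $IPTABLES -A FORWARD -p icmp -j LOG --log-prefix "fw-icmp-drop: "
    fi
}

# Dry-run helpers: print the rule set, and count the commands it would issue.
dry_run() { ( IPTABLES=echo; load_rules ); }
rule_count() { dry_run | wc -l | tr -d ' '; }

if [ "${1:-}" = "--dry-run" ]; then dry_run; fi
```

Run it as `sh firewall.sh --dry-run` to review the rule set before loading it for real; with LOGGING set, three LOG rules appear at the end of FORWARD so that anything the DROP policy discards is visible in the kernel log.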
