Thursday, August 02, 2007

Re: Iptables + Squid

Harlei Liguori wrote:
> My current rule set test is:
>
> #!/bin/bash
>
> ### Allow internal network ###
> iptables -A INPUT -s 10.15.192.0/22 <http://10.15.192.0/22> -p tcp --dport 3128 -j ACCEPT
>
> ### Allow SSH access ###
> iptables -A INPUT -s 10.15.192.7 <http://10.15.192.7> -p tcp --dport 22 -j ACCEPT
>
> ### Block all other access ###
> iptables -A INPUT -j DROP
> iptables -A FORWARD -j DROP

> It is only meant to allow access on TCP port 3128 and the SSH port 22
> and drop all other ports, but it does not work...
>
> What do I need to do?

You'll also most likely want to allow RELATED,ESTABLISHED connections,
outgoing DNS requests (udp and tcp port 53) and certain ICMP types (I
keep forgetting which...).

Why are you trying to build your own firewall instead of using one of
the many programs that can do it for you?

PS. Try to use a mail program that does not try to outsmart you... those
<http ...> parts should not be part of your firewall script.

>
> 2007/8/2, Ansgar -59cobalt- Wiechers <lists@planetcobalt.net>:
>
> On 2007-08-02 Harlei Liguori wrote:
> > I'm trying to configure the iptables rules on a server running Squid,
> > but I don't know how to do it...
>
> One way would be to start by reading those fine manuals.
>
> http://www.tldp.org/HOWTO/Firewall-HOWTO.html
> http://www.tldp.org/HOWTO/TransparentProxy.html
>
> > My Squid proxy is running on port 3128... I tried to allow TCP
> > port 3128 and drop all other ports, but it does not work... I was
> > thinking about name resolution, so I must allow the correct port,
> > but I don't know which... and I don't know if I need to allow other
> > ports to configure this firewall on this proxy server... can someone
> > help me to do it?
>
> Another way would be to post your current ruleset, so people could
> hazard a guess about where you went wrong.


--
Tot ziens,

Bart-Jan


--
To UNSUBSCRIBE, email to debian-firewall-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
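As an added example (not code posted by anyone in the thread), here is Harlei's ruleset rewritten with the pieces Bart-Jan's reply lists: a stateful ESTABLISHED,RELATED rule, a path for outgoing DNS, and the ICMP types a TCP endpoint needs. The LAN, admin host and Squid port are reused from the quoted script; the choice to leave OUTPUT open (the host is a proxy that must reach arbitrary origin servers, not a router) and the `IPT=echo` dry-run switch are assumptions of this example, not something the thread specifies.

```shell
#!/bin/sh
# Added example: a stateful ruleset for a Squid host. Not from the thread;
# addresses and ports are reused from Harlei's script, and the open OUTPUT
# policy is an assumption about this host (a proxy, not a router).
# Set IPT=echo, or run with no arguments, to print the rules instead of loading them.

IPT="${IPT:-iptables}"
LAN="${LAN:-10.15.192.0/22}"        # clients allowed to use the proxy
ADMIN="${ADMIN:-10.15.192.7}"       # only host allowed to SSH in
SQUID_PORT="${SQUID_PORT:-3128}"

build_rules() {
    # Start from a known state: flush, then default-deny INPUT and FORWARD so a
    # missing ACCEPT fails closed rather than open.
    $IPT -F INPUT
    $IPT -F FORWARD
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    # OUTPUT stays open: Squid must reach arbitrary origin servers, and the
    # outgoing DNS queries (udp/tcp 53) mentioned in the reply leave through here.
    $IPT -P OUTPUT ACCEPT

    # Loopback: Squid talks to local services (resolver, cachemgr) over 127.0.0.1.
    $IPT -A INPUT -i lo -j ACCEPT

    # The piece Harlei's script is missing. Replies to connections this host
    # opened (origin-server data for Squid, DNS answers, the SSH session's own
    # packets) arrive on INPUT and hit "-A INPUT -j DROP" unless the connection
    # tracker is asked to recognise them.
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -m state --state INVALID -j DROP

    # New connections: Squid from the LAN only, SSH from the admin host only.
    $IPT -A INPUT -s "$LAN" -p tcp --dport "$SQUID_PORT" -m state --state NEW -j ACCEPT
    $IPT -A INPUT -s "$ADMIN" -p tcp --dport 22 -m state --state NEW -j ACCEPT

    # ICMP types a TCP endpoint needs: echo-request (ping), destination-unreachable
    # (includes fragmentation-needed, so path MTU discovery keeps working) and
    # time-exceeded (traceroute). Rate-limited so they cannot be used to flood.
    for t in echo-request destination-unreachable time-exceeded; do
        $IPT -A INPUT -p icmp --icmp-type "$t" -m limit --limit 10/second -j ACCEPT
    done
    # Everything else on INPUT and FORWARD is dropped by the chain policy.
}

case "${1:-}" in
    --apply) build_rules ;;              # loads the rules; needs root
    "")      (IPT=echo; build_rules) ;;  # dry run: print the rules
esac
```

Run it with no arguments to review the rules it would load, and as root with `--apply` to load them. Transparent interception, the subject of the TransparentProxy HOWTO linked above, would additionally need a nat-table REDIRECT rule that this script deliberately does not add.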
