I have two ethernet cards, how can I use ipchains to accept telnet and ftp on one interface only?
How can I configure ipchains by device?

May 15th, 2000 21:58
Nathan Wallace, Arjan Drieman


Sure, by using -i <device>, for example:

  ipchains -A input -p tcp -i eth1 -d 0/0 23 -j DENY

will deny all TCP packets with destination port 23 (telnet) on your
machine that arrive on eth1.  You can also match on the source address
instead of the device, e.g.

  # Allow local network to telnet
  ipchains -A input -p tcp -s 192.168.0.0/24 -d 0/0 23 -j ACCEPT

  # Deny all (other) telnet access
  ipchains -A input -p tcp -d 0/0 23 -j DENY

Maybe you'd like to use my masquerade/firewall script:

  http://duckie.neep.net/firewall
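
The following is an added example, not part of the original entry or of the script linked above: it combines the -i match with rule ordering to accept telnet and ftp on one interface and deny them everywhere else. The function name restrict_to_iface, the trusted interface eth0 and the /sbin/ipchains path are assumptions.

```shell
#!/bin/sh
# Added example: accept telnet and ftp on one interface only.
# Dry run by default: the commands are printed, not executed.
# Set IPCHAINS=/sbin/ipchains (path is an assumption) to apply them.
IPCHAINS=${IPCHAINS:-echo ipchains}

# restrict_to_iface IFACE PORT...   (hypothetical helper name)
# ipchains stops at the first matching rule, so the ACCEPT for the
# trusted interface must be appended before the DENY for the same port.
restrict_to_iface() {
    iface=$1
    shift
    for port in "$@"; do
        # Allow the service only when the packet arrived on $iface
        $IPCHAINS -A input -p tcp -i "$iface" -d 0/0 "$port" -j ACCEPT
        # Packets for this port arriving on any other interface are denied
        $IPCHAINS -A input -p tcp -d 0/0 "$port" -j DENY
    done
}

# ftp control channel (21) and telnet (23); eth0 is the assumed trusted side
restrict_to_iface eth0 21 23
```

Port 21 is only the ftp control channel; ftp data connections use other ports and need their own rules.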