help using ipchains

Nelson Garcia garcian002 at hawaii.rr.com
Wed Sep 5 00:13:13 PDT 2001


You are missing the output rules.

I think this script will do what you want:

-----------------
#!/bin/sh
extint="eth0"
# Ronnie, modify the line below to your needs
extip="0.0.0.0"
UNPRIVPORTS="1024:65535"
ANYWHERE="0.0.0.0/0"

# Flush any existing rules
ipchains -F

# Set the default policies
ipchains -P input DENY
ipchains -P output REJECT
ipchains -P forward REJECT

# HTTP: accessing remote web sites
# On the input rules, "! -y" matches only packets that are not
# connection-opening SYNs, i.e. replies to connections we started.
ipchains -A output -i $extint -p tcp -s $extip $UNPRIVPORTS -d $ANYWHERE 80 -j ACCEPT
ipchains -A input -i $extint -p tcp ! -y -s $ANYWHERE 80 -d $extip $UNPRIVPORTS -j ACCEPT

# HTTPS: accessing remote web sites over SSL as a client
ipchains -A output -i $extint -p tcp -s $extip $UNPRIVPORTS -d $ANYWHERE 443 -j ACCEPT
ipchains -A input -i $extint -p tcp ! -y -s $ANYWHERE 443 -d $extip $UNPRIVPORTS -j ACCEPT

# SSH: Allowing outgoing clients access to remote sites
ipchains -A output -i $extint -p tcp -s $extip $UNPRIVPORTS -d $ANYWHERE 22 -j ACCEPT
ipchains -A input -i $extint -p tcp ! -y -s $ANYWHERE 22 -d $extip $UNPRIVPORTS -j ACCEPT

----------------


Aloha,
Nelson

> -----Original Message-----
> From: Ronnie [mailto:rlivings at hawaii.edu]
> Sent: Tuesday, September 04, 2001 5:01 PM
> To: Linux & Unix Advocates & Users
> Subject: [luau] help using ipchains
>
>
> Hello, I'm trying to set up a firewall with the help of "Hacking Linux
> Exposed".  Unfortunately, now I can't view webpages from my Linux box.
> These are the steps that I did:
>
> /sbin/ipchains -P input DENY
> /sbin/ipchains -A input -s 0/0 -d 172.128.0.10 www -p tcp -j ACCEPT
> /sbin/ipchains -A input -s 0/0 -d 172.128.0.10 ssh -p tcp -j ACCEPT
> /sbin/ipchains -A input -j DENY -l
>
> Now when I try to connect to the outside world, I can't.
>
> Thanks,
> Ronnie
>
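An added example, not part of either message: a small Python model of first-match, stateless filtering that shows why the input chain in the question drops a web server's reply, and why the `! -y` input rules in the reply accept it while still refusing new inbound connections. The packets are constructed, and only protocol, ports and the SYN test are modelled (addresses and interfaces are left out).

```python
from collections import namedtuple

# Only the fields the rules on this page test; addresses and interfaces are omitted.
Packet = namedtuple("Packet", "proto sport dport syn_only")  # syn_only: SYN set, ACK clear
Rule = namedtuple("Rule", "proto sports dports syn_only target")

ANY = (0, 65535)
UNPRIV = (1024, 65535)  # UNPRIVPORTS in the script


def port(n):
    return (n, n)


def matches(rule, pkt):
    return (rule.proto in (None, pkt.proto)
            and rule.sports[0] <= pkt.sport <= rule.sports[1]
            and rule.dports[0] <= pkt.dport <= rule.dports[1]
            and rule.syn_only in (None, pkt.syn_only))


def verdict(chain, policy, pkt):
    """First matching rule decides; otherwise the chain policy applies."""
    for rule in chain:
        if matches(rule, pkt):
            return rule.target
    return policy


# Input chain from the question: accept TCP *to* ports 80 and 22, deny the rest.
QUESTION_INPUT = [Rule("tcp", ANY, port(80), None, "ACCEPT"),
                  Rule("tcp", ANY, port(22), None, "ACCEPT"),
                  Rule(None, ANY, ANY, None, "DENY")]

# Input rules from the reply: accept non-SYN TCP *from* 80/443/22 to UNPRIVPORTS.
REPLY_INPUT = [Rule("tcp", port(p), UNPRIV, False, "ACCEPT") for p in (80, 443, 22)]

# Constructed sample packets arriving on the external interface.
HTTP_REPLY = Packet("tcp", 80, 40000, False)    # web server answering the client
NEW_FROM_80 = Packet("tcp", 80, 8080, True)     # new connection attempt, source port 80
TO_LOCAL_WEB = Packet("tcp", 40000, 80, True)   # someone connecting to a local web server

if __name__ == "__main__":
    for name in ("HTTP_REPLY", "NEW_FROM_80", "TO_LOCAL_WEB"):
        pkt = globals()[name]
        print(name, verdict(QUESTION_INPUT, "DENY", pkt), verdict(REPLY_INPUT, "DENY", pkt))
```

The question's chain admits traffic addressed to a local web or SSH server, which is the opposite direction from what a browsing client needs; the reply's chain admits only return traffic for connections the box itself opened.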


