
Securing-Optimizing-RH-Linux-1_2_114
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®

    # DNS client (53)
    # ---------------
    ipchains -A input  -i $EXTERNAL_INTERFACE -p udp \
             -s $NAMESERVER_1 53 \
             -d $IPADDR $UNPRIVPORTS -j ACCEPT

    ipchains -A output -i $EXTERNAL_INTERFACE -p udp \
             -s $IPADDR $UNPRIVPORTS \
             -d $NAMESERVER_1 53 -j ACCEPT

    ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp ! -y \
             -s $NAMESERVER_1 53 \
             -d $IPADDR $UNPRIVPORTS -j ACCEPT

    ipchains -A output -i $EXTERNAL_INTERFACE -p tcp \
             -s $IPADDR $UNPRIVPORTS \
             -d $NAMESERVER_1 53 -j ACCEPT

    ipchains -A input  -i $EXTERNAL_INTERFACE -p udp \
             -s $NAMESERVER_2 53 \
             -d $IPADDR $UNPRIVPORTS -j ACCEPT

    ipchains -A output -i $EXTERNAL_INTERFACE -p udp \
             -s $IPADDR $UNPRIVPORTS \
             -d $NAMESERVER_2 53 -j ACCEPT

    ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp ! -y \
             -s $NAMESERVER_2 53 \
             -d $IPADDR $UNPRIVPORTS -j ACCEPT

    ipchains -A output -i $EXTERNAL_INTERFACE -p tcp \
             -s $IPADDR $UNPRIVPORTS \
             -d $NAMESERVER_2 53 -j ACCEPT

# ----------------------------------------------------------------------------
    # TCP accept only on selected ports
    # ---------------------------------
    # ------------------------------------------------------------------
    # SSH server (22)
    # ---------------
    ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp \
             -s $ANYWHERE $UNPRIVPORTS \
             -d $IPADDR 22 -j ACCEPT

    ipchains -A output -i $EXTERNAL_INTERFACE -p tcp ! -y \
             -s $IPADDR 22 \
             -d $ANYWHERE $UNPRIVPORTS -j ACCEPT

    ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp \
             -s $ANYWHERE $SSH_PORTS \
             -d $IPADDR 22 -j ACCEPT

    ipchains -A output -i $EXTERNAL_INTERFACE -p tcp ! -y \
             -s $IPADDR 22 \
             -d $ANYWHERE $SSH_PORTS -j ACCEPT

    # SSH client (22)
    # ---------------
#    ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp ! -y \
#             -s $ANYWHERE 22 \