Securing-Optimizing-RH-Linux-1_2_115
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®

#             -d $IPADDR $UNPRIVPORTS -j ACCEPT

#    ipchains -A output -i $EXTERNAL_INTERFACE -p tcp \
#             -s $IPADDR $UNPRIVPORTS \
#             -d $ANYWHERE 22 -j ACCEPT

#    ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp ! -y \
#             -s $ANYWHERE 22 \
#             -d $IPADDR $SSH_PORTS -j ACCEPT

#    ipchains -A output -i $EXTERNAL_INTERFACE -p tcp \
#             -s $IPADDR $SSH_PORTS \
#             -d $ANYWHERE 22 -j ACCEPT

    # ------------------------------------------------------------------
    # HTTP server (80)
    # ----------------
    # "! -y" matches only TCP packets that are not connection-opening SYNs,
    # so the output rules below permit replies on connections a client
    # opened but never let the server start a connection from its service port.

    ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp \
             -s $ANYWHERE $UNPRIVPORTS \
             -d $IPADDR 80 -j ACCEPT

    ipchains -A output -i $EXTERNAL_INTERFACE -p tcp ! -y \
             -s $IPADDR 80 \
             -d $ANYWHERE $UNPRIVPORTS -j ACCEPT

    # ------------------------------------------------------------------
    # HTTPS server (443)
    # ------------------

    ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp \
             -s $ANYWHERE $UNPRIVPORTS \
             -d $IPADDR 443 -j ACCEPT

    ipchains -A output -i $EXTERNAL_INTERFACE -p tcp ! -y \
             -s $IPADDR 443 \
             -d $ANYWHERE $UNPRIVPORTS -j ACCEPT

    # ------------------------------------------------------------------
    # SYSLOG server (514)
    # -----------------

    # Provides full remote logging. Using this feature you're able to
    # control all syslog messages on one host.

#    ipchains -A input  -i $EXTERNAL_INTERFACE -p udp \
#             -s $SYSLOG_CLIENT \
#             -d $IPADDR 514 -j ACCEPT

    # SYSLOG client (514)
    # -----------------

#    ipchains -A output -i $EXTERNAL_INTERFACE -p udp \
#             -s $IPADDR 514 \
#             -d $SYSLOG_SERVER 514 -j ACCEPT

    # ------------------------------------------------------------------
    # AUTH server (113)