
# Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca © Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ® 117
# ----------------------------------------------------------------------------
# Enable logging for selected denied packets
#
# These are the tail of the start) arm, whose beginning lies outside this
# fragment. They are catch-all DENY rules with -l (log the match), so they
# must stay after the ACCEPT rules appended earlier in the arm: ipchains
# applies rules in the order they were appended and stops at the first match.
# $EXTERNAL_INTERFACE, $IPADDR, $ANYWHERE, $PRIVPORTS and $UNPRIVPORTS are
# assumed to be set earlier in the script — not visible here, confirm.
# For -p icmp the "source port" field is the ICMP type: 5 is Redirect,
# 13:255 is the range of types 13 and above.
    ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp \
             -d $IPADDR -j DENY -l
    ipchains -A input  -i $EXTERNAL_INTERFACE -p udp \
             -d $IPADDR $PRIVPORTS -j DENY -l
    ipchains -A input  -i $EXTERNAL_INTERFACE -p udp \
             -d $IPADDR $UNPRIVPORTS -j DENY -l
    ipchains -A input  -i $EXTERNAL_INTERFACE -p icmp \
             -s $ANYWHERE 5 -d $IPADDR -j DENY -l
    ipchains -A input  -i $EXTERNAL_INTERFACE -p icmp \
             -s $ANYWHERE 13:255 -d $IPADDR -j DENY -l
# ----------------------------------------------------------------------------
        ;;
  stop)
        echo -n "Shutting Firewalling Services: "
    # Remove all existing rules belonging to this filter
    ipchains -F
    # Delete all user-defined chain to this filter
    ipchains -X
    # Reset the default policy of the filter to accept.
    # NOTE(review): from here on every chain accepts everything — "stop"
    # opens the host completely rather than closing it. Anyone running
    # "stop" for maintenance should expect the machine to be unfiltered.
    ipchains -P input  ACCEPT
    ipchains -P output ACCEPT
    ipchains -P forward ACCEPT
    # Reset TCP SYN Cookie Protection to off.
    echo 0 >/proc/sys/net/ipv4/tcp_syncookies
    # Reset IP spoofing protection to off: writing 0 turns Source Address
    # Verification (rp_filter) OFF on every interface. (The start arm is
    # assumed to write 1 here — not visible in this fragment.)
    for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
        echo 0 > $f
    done
    # Reset ICMP Redirect Acceptance to on.
    # NOTE(review): the two loops below re-enable acceptance of ICMP
    # redirects and of source-routed packets. Those are kernel settings
    # that do not depend on ipchains, so "stop" weakens the host beyond
    # just removing the filter rules. Consider leaving them at 0 when the
    # filter is stopped, and resetting them only when explicitly asked to.
    for f in /proc/sys/net/ipv4/conf/*/accept_redirects; do
        echo 1 > $f
    done
    # Reset Source Routed Packets to on.
    for f in /proc/sys/net/ipv4/conf/*/accept_source_route; do
        echo 1 > $f
    done
        ;;
  status)
    # "status" is assumed to be the helper from the distribution's init-script
    # function library, sourced earlier in the script (not visible here).
    # NOTE(review): there is no "firewall" process — ipchains rules live in
    # the kernel — so what this reports is unclear; listing the loaded rules
    # (e.g. ipchains -L -n) would be a more meaningful status check. Confirm.
        status firewall
        ;;
  restart|reload)
    # Re-run this script for each phase. The exit status of "stop" is not
    # checked before "start" runs, and the caller only sees the status of
    # "start".
        $0 stop
        $0 start
        ;;
  *)