Securing-Optimizing-RH-Linux-1_2_124
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca © Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ® 124

             -s $IPADDR $UNPRIVPORTS \
             -d $NAMESERVER_1 53 -j ACCEPT

    # DNS over TCP, client side: "! -y" on input accepts only packets that
    # are not connection-opening SYNs, i.e. replies from the name server.
    ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp ! -y \
             -s $NAMESERVER_1 53 \
             -d $IPADDR $UNPRIVPORTS -j ACCEPT

    ipchains -A output -i $EXTERNAL_INTERFACE -p tcp \
             -s $IPADDR $UNPRIVPORTS \
             -d $NAMESERVER_1 53 -j ACCEPT

    # ----------------------------------------------------------------------------
    # TCP accept only on selected ports
    # ---------------------------------

    # ------------------------------------------------------------------
    # SSH server (22)
    # ---------------
    # Inbound connections to port 22 are accepted; "! -y" on output lets the
    # server send replies from port 22 but never open a connection from it.

    ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp \
             -s $ANYWHERE $UNPRIVPORTS \
             -d $IPADDR 22 -j ACCEPT

    ipchains -A output -i $EXTERNAL_INTERFACE -p tcp ! -y \
             -s $IPADDR 22 \
             -d $ANYWHERE $UNPRIVPORTS -j ACCEPT

    ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp \
             -s $ANYWHERE $SSH_PORTS \
             -d $IPADDR 22 -j ACCEPT

    ipchains -A output -i $EXTERNAL_INTERFACE -p tcp ! -y \
             -s $IPADDR 22 \
             -d $ANYWHERE $SSH_PORTS -j ACCEPT

    # SSH client (22)
    # ---------------

#    ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp ! -y \
#             -s $ANYWHERE 22 \
#             -d $IPADDR $UNPRIVPORTS -j ACCEPT

#    ipchains -A output -i $EXTERNAL_INTERFACE -p tcp \
#             -s $IPADDR $UNPRIVPORTS \
#             -d $ANYWHERE 22 -j ACCEPT

#    ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp ! -y \
#             -s $ANYWHERE 22 \
#             -d $IPADDR $SSH_PORTS -j ACCEPT

#    ipchains -A output -i $EXTERNAL_INTERFACE -p tcp \
#             -s $IPADDR $SSH_PORTS \
#             -d $ANYWHERE 22 -j ACCEPT

    # ------------------------------------------------------------------
    # AUTH server (113)
    # -----------------

    # Reject, rather than deny, the incoming auth port. (NET-3-HOWTO)

    ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp \
             -s $ANYWHERE \