Securing-Optimizing-RH-Linux-1_2

Securing-Optimizing-RH-Linux-1_2_125

Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca © Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ® 125 -d $IPADDR 113 -j REJECT # ------------------------------------------------------------------ # SYSLOG server (514) # ----------------- # Provides full remote logging. Using this feature you're able to # control all syslog messages on one host. # ipchains -A input -i $EXTERNAL_INTERFACE -p udp \ # -s $SYSLOG_CLIENT \ # -d $IPADDR 514 -j ACCEPT # SYSLOG client (514) # ----------------- # ipchains -A output -i $EXTERNAL_INTERFACE -p udp \ # -s $IPADDR 514 \ # -d $SYSLOG_SERVER 514 -j ACCEPT # ------------------------------------------------------------------ # SMTP server (25) # ---------------- ipchains -A input -i $EXTERNAL_INTERFACE -p tcp \ -s $ANYWHERE $UNPRIVPORTS \ -d $IPADDR 25 -j ACCEPT ipchains -A output -i $EXTERNAL_INTERFACE -p tcp ! -y \ -s $IPADDR 25 \ -d $ANYWHERE $UNPRIVPORTS -j ACCEPT # SMTP client (25) # ---------------- ipchains -A input -i $EXTERNAL_INTERFACE -p tcp ! -y \ -s $ANYWHERE 25 \ -d $IPADDR $UNPRIVPORTS -j ACCEPT ipchains -A output -i $EXTERNAL_INTERFACE -p tcp \ -s $IPADDR $UNPRIVPORTS \ -d $ANYWHERE 25 -j ACCEPT # ------------------------------------------------------------------ # IMAP server (143) # ----------------- ipchains -A input -i $EXTERNAL_INTERFACE -p tcp \ -s $ANYWHERE $UNPRIVPORTS \ -d $IPADDR 143 -j ACCEPT ipchains -A output -i $EXTERNAL_INTERFACE -p tcp ! -y \ -s $IPADDR 143 \ -d $ANYWHERE $UNPRIVPORTS -j ACCEPT # ------------------------------------------------------------------ # OUTGOING TRACEROUTE # ------------------- ipchains -A output -i $EXTERNAL_INTERFACE -p udp \