
Securing-Optimizing-RH-Linux-1_2_136
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®

             -s 208.164.186.0/24 8 -d $IPADDR -j ACCEPT

    # ICMP type 0: echo-reply, returned only to the trusted subnet
    ipchains -A output -i $EXTERNAL_INTERFACE -p icmp \
             -s $IPADDR 0 -d 208.164.186.0/24 -j ACCEPT

    # ICMP type 3: destination-unreachable
    ipchains -A output -i $EXTERNAL_INTERFACE -p icmp \
             -s $IPADDR 3 -d $ANYWHERE -j ACCEPT

    # ICMP type 4: source-quench
    ipchains -A output -i $EXTERNAL_INTERFACE -p icmp \
             -s $IPADDR 4 -d $ANYWHERE -j ACCEPT

    # ICMP type 8: echo-request (outgoing ping)
    ipchains -A output -i $EXTERNAL_INTERFACE -p icmp \
             -s $IPADDR 8 -d $ANYWHERE -j ACCEPT

    # ICMP type 12: parameter-problem
    ipchains -A output -i $EXTERNAL_INTERFACE -p icmp \
             -s $IPADDR 12 -d $ANYWHERE -j ACCEPT

    # ICMP type 11: time-exceeded, returned only to the trusted subnet
    ipchains -A output -i $EXTERNAL_INTERFACE -p icmp \
             -s $IPADDR 11 -d 208.164.186.0/24 -j ACCEPT

# ----------------------------------------------------------------------------

    # UDP INCOMING TRACEROUTE
    # traceroute usually uses -S 32769:65535 -D 33434:33523
    # Rules are matched in order: the trusted subnet is accepted first,
    # every other source is denied. Both rules log (-l).

    ipchains -A input -i $EXTERNAL_INTERFACE -p udp \
             -s 208.164.186.0/24 $TRACEROUTE_SRC_PORTS \
             -d $IPADDR $TRACEROUTE_DEST_PORTS -j ACCEPT -l

    ipchains -A input -i $EXTERNAL_INTERFACE -p udp \
             -s $ANYWHERE $TRACEROUTE_SRC_PORTS \
             -d $IPADDR $TRACEROUTE_DEST_PORTS -j DENY -l

# ----------------------------------------------------------------------------

    # DNS server
    # ----------

    # DNS: full server
    # server/client to server query or response

    ipchains -A input -i $EXTERNAL_INTERFACE -p udp \
             -s $ANYWHERE $UNPRIVPORTS \
             -d $IPADDR 53 -j ACCEPT

    ipchains -A output -i $EXTERNAL_INTERFACE -p udp \
             -s $IPADDR 53 \
             -d $ANYWHERE $UNPRIVPORTS -j ACCEPT

    # DNS client (53)
    # ---------------

    ipchains -A input -i $EXTERNAL_INTERFACE -p udp \
             -s $NAMESERVER_1 53 \
             -d $IPADDR $UNPRIVPORTS -j ACCEPT

    ipchains -A output -i $EXTERNAL_INTERFACE -p udp \
             -s $IPADDR $UNPRIVPORTS \
             -d $NAMESERVER_1 53 -j ACCEPT

    # "! -y" excludes connection-opening SYN packets, so only traffic for
    # TCP connections this host started is accepted from the name server
    ipchains -A input -i $EXTERNAL_INTERFACE -p tcp ! -y \
             -s $NAMESERVER_1 53 \
             -d $IPADDR $UNPRIVPORTS -j ACCEPT

    ipchains -A output -i $EXTERNAL_INTERFACE -p tcp \
             -s $IPADDR $UNPRIVPORTS \
             -d $NAMESERVER_1 53 -j ACCEPT

    ipchains -A input -i $EXTERNAL_INTERFACE -p udp \
             -s $NAMESERVER_2 53 \