povolene porty v TCP/IP u RH 7.0
Michal Vymazal
gandalf na mbox.vol.cz
Čtvrtek Leden 10 17:51:50 CET 2002
Lukas Novak wrote:
> Nevite kde se nastavuje zakazovani a povolovani portu. Nastaveni
> dostupnych sluzeb chapu, ale u portu nevim.
>
> Lukas Novak
Zdravim
U ipchains treba takto
EXTERNAL_INTERFACE="ppp0" # Internet connected interface
LOCAL_INTERFACE_1="eth0" # Internal LAN interface
LOOPBACK_INTERFACE="127.0.0.1" # Your local naming convention
# ftp
ipchains -A input -p TCP -i $EXTERNAL_INTERFACE -s ! $LOOPBACK_INTERFACE -d
0.0.0.0/0 21 -j DENY -l
ipchains -A input -p UDP -i $EXTERNAL_INTERFACE -s ! $LOOPBACK_INTERFACE -d
0.0.0.0/0 21 -j DENY -l
# ssh
ipchains -A input -p TCP -i $EXTERNAL_INTERFACE -s ! $LOOPBACK_INTERFACE -d
0.0.0.0/0 22 -j DENY -l
ipchains -A input -p UDP -i $EXTERNAL_INTERFACE -s ! $LOOPBACK_INTERFACE -d
0.0.0.0/0 22 -j DENY -l
# telnet
ipchains -A input -p TCP -i $EXTERNAL_INTERFACE -s ! $LOOPBACK_INTERFACE -d
0.0.0.0/0 23 -j DENY -l
ipchains -A input -p TCP -i $EXTERNAL_INTERFACE -s ! $LOOPBACK_INTERFACE -d
0.0.0.0/0 23 -j DENY -l
Muzete pouzit i iptables.
Michal Vymazal
Další informace o konferenci Linux