[KLUG Members] iptables

Bert Obbink members@kalamazoolinux.org
Thu, 01 Aug 2002 15:45:25 +0200

Previous message: [KLUG Members] Need C Help
Next message: [KLUG Members] iptables
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

a few days ago I posted the following question:

>>I want  to close the ident port (113) for all incomming 
>>connections except for thoose there is already a connection open. Some 
>>mail servers appear to need a open ident port before accepting email, or 
>>at least need significant more time to accept email. How can I make 
>>netfiler to accept incomming requests to this port when there is already 
>>an active (smtp) connection?
>>    
>>
After doing some firewall digging, I believe that this can be done by 
setting up the following rules:

iptables -A INPUT -i ${EXTERN} -p tcp --dport 113 -m state --state 
RELATED -j ACCEPT
iptables -A INPUT -i ${EXTERN} -p tcp --dport 113 -j DROP 

The first rule should allow the connection if there is already an active 
connection, rule 2 drops any other incomming connection.

${EXTERN} is the interface connected to the internet.

the '-m state' loads the state interface, the '--state' sets the condition.

yes/no/agree?


Bert.

Previous message: [KLUG Members] Need C Help
Next message: [KLUG Members] iptables
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]