[KLUG Members] More on the IPChains problem

Rusty Yonkers members@kalamazoolinux.org
Sat, 8 Jun 2002 19:34:27 -0700 (PDT)


> 
> There really isn't much reason to much on the OUTPUT chain.  The input
> chain is the most effective place to "block" traffic.


I agree with using the input chain.  This is the easiest to work
with!  Just remember that the input can be from the outside or from
the inside.  The firewall is the reference point, not the interface
(well, usually).

> >If someone wants to take the time to read the ruleset and 
> >provide some insight I would be most grateful.
> 
> I'll take a look.


Post it and let's see.

> My method (when I get confused) is to -
> 
> 1. Allow everything
> 2. Start blocking things until what I want to work STOPS working.
>    Then I know what to allow. :)  This works with some really odd apps
>    that don't clearly state what they need.
> 

I found that the best way to handle it is to deny everything then
open what you want.  At the end of the input chain put a statement to
deny everything but log the deny.  This will put a message in
/var/log/messages that you can look at to see what is trying to get
through when you try the program.  The command would be

/sbin/ipchains -A input -l -j DENY

You could even open a shell and do a tail -f /var/log/messages and
watch the file get appended when you run the command.  

You will see what protocol is trying to get out on what port!



=====
Truth is truth ... no matter what I think...
-----------------------------------------
Department of Redundancy Department
-----------------------------------------
Devoted RedHat fan...
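
Added example, not part of the original message: a shell function that
summarizes what the logged DENY rule above writes to /var/log/messages,
counting denied packets per protocol and destination port.  The function
names and the sample log lines are constructed for illustration; the
lines follow the "Packet log:" format described in the IPCHAINS-HOWTO.

```shell
#!/bin/sh
# Summarize ipchains DENY log entries by protocol and destination port.
# Added example; summarize_denies and sample_log are hypothetical names.
#
# A logged packet looks like this (format per the IPCHAINS-HOWTO):
#   ... kernel: Packet log: input DENY eth0 PROTO=6 SRC:SPORT DST:DPORT L=.. (#rule)

summarize_denies() {
    # Reads syslog text on stdin; prints "count proto dst_port", busiest first.
    awk '
    /Packet log: input DENY/ {
        proto = ""; dst = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^PROTO=/) {
                proto = substr($i, 7)   # text after "PROTO="
                dst = $(i + 2)          # PROTO= is followed by source, then destination
                break
            }
        }
        if (proto == "") next           # malformed line, skip it
        if (proto == "6") name = "tcp"
        else if (proto == "17") name = "udp"
        else name = "proto" proto       # leave other protocol numbers as-is
        n = split(dst, part, ":")
        port = (n == 2) ? part[2] : "-"
        count[name " " port]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2,2 -k3,3n
}

# Constructed sample of /var/log/messages (addresses are documentation ranges).
sample_log() {
    cat <<'EOF'
Jun  8 19:40:01 fw kernel: Packet log: input DENY eth1 PROTO=6 192.168.1.20:1045 203.0.113.5:6667 L=60 S=0x00 I=4211 F=0x4000 T=64 SYN (#12)
Jun  8 19:40:02 fw kernel: Packet log: input DENY eth1 PROTO=17 192.168.1.20:1046 203.0.113.9:53 L=58 S=0x00 I=4212 F=0x0000 T=64 (#12)
Jun  8 19:40:04 fw kernel: Packet log: input DENY eth1 PROTO=6 192.168.1.20:1045 203.0.113.5:6667 L=60 S=0x00 I=4213 F=0x4000 T=64 SYN (#12)
Jun  8 19:40:05 fw sshd[812]: Accepted password for rusty from 192.168.1.20 port 1050
Jun  8 19:40:06 fw kernel: Packet log: input ACCEPT eth1 PROTO=6 192.168.1.20:1050 192.168.1.1:22 L=60 S=0x00 I=4214 F=0x4000 T=64 SYN (#3)
Jun  8 19:40:07 fw kernel: Packet log: input DENY eth1 PROTO=17 192.168.1.20:1046 203.0.113.9:53 L=58 S=0x00 I=4215 F=0x0000 T=64 (#12)
Jun  8 19:40:10 fw kernel: Packet log: input DENY eth1 PROTO=6 192.168.1.20:1045 203.0.113.5:6667 L=60 S=0x00 I=4216 F=0x4000 T=64 SYN (#12)
EOF
}

sample_log | summarize_denies
```

On a live firewall, feed it the real log instead of the sample:
summarize_denies < /var/log/messages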
