iptables.

Hi all,

I have Slakware 9.1? running IPChains firewall (iptables v1.2.8), how do I
block certain IPs and allow the rest to get in my box?

Thanks, John.

John wrote:
> Hi all,
>
> I have Slakware 9.1? running IPChains firewall (iptables v1.2.8), how do I
> block certain IPs and allow the rest to get in my box?
>
> Thanks, John.

man ipchains
http://www.rt.com/man/ipchains.8.html

guide to ipchains
http://www.linuxexposed.com/internal...rticle&sid=431

linuxhelp
http://www.linuxhelp.net/cgi-bin/hts...words=ipchains

--
Even though I walk through the valley of the shadow of death,
I will fear no evil, for you are with me;
your rod and your staff, they comfort me.

John wrote:
> Hi all,
>
> I have Slakware 9.1? running IPChains firewall (iptables v1.2.8), how do I
> block certain IPs and allow the rest to get in my box?
>
> Thanks, John.
>
>

i guess you mean iptables for kernel 2.4 and higher. ipchains is only
supported by old kernel 2.2.x

ACCEPT policy
$IPTABLES -P INPUT ACCEPT

block ip's with
iptables -A INPUT -i <INET_IFACE> -s <IP_TO_BLOCK> -j DROP

greetz,
gimickser

John wrote:
> Hi all,
>
> I have Slakware 9.1? running IPChains firewall (iptables v1.2.8), how do I
> block certain IPs and allow the rest to get in my box?
>
> Thanks, John.
>
>
There are several easy-to-use firewall applications now available that
help you configure iptables (NOT ipchains, they aren't equivalent).

One that I know of is called "Firestarter" and can be found at:

http://www.fs-security.com/

John wrote:
> Hi all,
>
> I have Slakware 9.1? running IPChains firewall (iptables v1.2.8), how do I
> block certain IPs and allow the rest to get in my box?

While ipchains is still supported, you probably should be going to a new
firewall based on iptables, which gives you stateful connections and
better security. The ipchains support is no longer native in 2.4, and
not getting a lot of use and new though lately.

Read that as "there is a lot more support for iptables these days." I
haven't looked at ipchains since about kernel 2.3 days...

--
-bill davidsen (davidsen@tmr.com)
"The secret to procrastination is to put things off until the
last possible moment - but no longer" -me

John said the following, on 01/12/05 13:18:
> Hi all,
>
> I have Slakware 9.1? running IPChains firewall (iptables v1.2.8), how do I
> block certain IPs and allow the rest to get in my box?
>
>

In addition to the Firestarter package mentioned elsewhere in this
thread, there is another easy-to-use KDE front-end package for iptables,
called GuardDog.

<http://freshmeat.net/projects/guarddog/>

It allows per-protocol inbound and outbound settings, as well as setting
up special IP address categories.



--
Rich Gibbs
rgibbs@alumni.princeton.edu

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

While drooling on their shoelaces, gimickser spouted:
> John wrote:
>> Hi all,
>>
>> I have Slakware 9.1? running IPChains firewall (iptables v1.2.8), how do I
>> block certain IPs and allow the rest to get in my box?
>>
>> Thanks, John.
>>
>>
>
> i guess you mean iptables for kernel 2.4 and higher. ipchains is only
> supported by old kernel 2.2.x

ipchains works in 2.4.x - it's a legacy module IIRC. I didn't start
using iptables until 2.6.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFB6W/GowlfGIzYCOYRAh7fAJ4yRpjQZrUPMXyT7hqLO/HR/zViGQCeKujn
puXVTSXI+LBMKcvhPeloI3M=
=+pPS
-----END PGP SIGNATURE-----