On Thu, 2002-08-01 at 19:41, Matt Miller wrote:
> On Thu, 2002-08-01 at 19:04, Derek Glidden wrote:
> > iptables -A FORWARD -i eth0 -s localnet -d ! localnet -p tcp --dport 80 -j DROP
> > iptables -A FORWARD -i eth0 -s localnet -d ! localnet -p tcp --dport 443 -j DROP
> > iptables -A FORWARD -i eth0 -s localnet -d ! localnet -p tcp -j ACCEPT
>
> Or I guess I could do this to streamline my script:
> iptables -A FORWARD -i eth0 -m multiport -s localnet -d ! localnet -p \
> tcp --dport 80,443 -j DROP
> iptables -A FORWARD -i eth0 -s localnet -d ! localnet -p tcp -j ACCEPT
Personally I like the former, because then you are given the ability to
see how many of which port have been dropped.
> Thanks Derek. I failed to "see" I could simply put in a drop rule to
> accomplish the same task. Easy problem; easy solution.
> I had been setting up iptables rules all day. I guess my mind was a
> little fried.
No worries. I did the same thing myself at home before getting whacked
in the head with a cluestick. (Doing the same thing, essentially.
Blocking outbound HTTP/HTTPS except from my squid box. Just to see what
was trying to get out over HTTP. Interesting stuff...) Stared at that
sucker for hours and hours....
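Added example, not part of the original messages: the counter difference between the two rule layouts discussed above, shown by parsing `iptables -L FORWARD -v -n -x` style listings. Both listings are constructed samples; 192.168.1.0/24 stands in for "localnet", the packet counts are made up, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample: one DROP rule per port (the first layout in the thread).
separate_rules_sample() {
cat <<'EOF'
Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
     412    24720 DROP       tcp  --  eth0   *       192.168.1.0/24      !192.168.1.0/24      tcp dpt:80
      37     2220 DROP       tcp  --  eth0   *       192.168.1.0/24      !192.168.1.0/24      tcp dpt:443
    9051  5400000 ACCEPT     tcp  --  eth0   *       192.168.1.0/24      !192.168.1.0/24
EOF
}

# Constructed sample: a single multiport DROP rule (the streamlined layout).
multiport_sample() {
cat <<'EOF'
Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
     449    26940 DROP       tcp  --  eth0   *       192.168.1.0/24      !192.168.1.0/24      multiport dports 80,443
    9051  5400000 ACCEPT     tcp  --  eth0   *       192.168.1.0/24      !192.168.1.0/24
EOF
}

# Read a verbose listing on stdin and print "<port match> <packets>" for every
# DROP rule. Each rule has exactly one packet counter, so a multiport rule can
# only report the combined total for all of its ports.
drop_counts() {
    awk '$3 == "DROP" {
        key = "all-ports"                       # rule with no port match
        for (i = 4; i <= NF; i++) {
            if ($i ~ /^dpt:/) key = substr($i, 5)
            else if ($i == "dports" && i < NF) key = $(i + 1)
        }
        print key, $1
    }'
}

echo "separate rules:"; separate_rules_sample | drop_counts
echo "multiport rule:"; multiport_sample | drop_counts
```

On a live firewall the same function can be fed with `iptables -L FORWARD -v -n -x | drop_counts`, run as root.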