Comments:
<0> hi
<0> how can i drop all the packets coming from a given ip?
<1> krnl`-, iptables -A INPUT -s $ip -p tcp -i $EXTIF -j DROP # that should prolly work
<0> thnx
<0> should i enable port 25 on input if i only want to send email and not receive?
<1> no, all you are required to have is an outgoing to destination port 25
<1> if you want to send
<1> you can block the incoming port 25, it's only required for mailservers
<0> TAtari, but if i connect to a mailserver to send mail to it, will i get the responses (e.g. "250 OK") if i block all the incoming packets to port 25?
<1> you will still get the response back, as soon as a tcp connection is established traffic can flow in both directions
<0> ok so i dont need to ACCEPT any packet on INPUT from port 25?
<0> someone says i'll need this: iptables -A INPUT -p tcp --sport 25 -m state --state ESTABLISHED,RELATED -j ACCEPT
<1> no, you won't use a local port 25 when you send... it will most likely be a 20k+ port
<0> but i have no state match support in my kernel
<1> you don't need that
<0> ok thnx
<1> as long as you have an established, related rule for all ports (which you really should have or nothing would work)
<0> it doesnt work. i cant telnet to a server on port 25.
<1> that's odd.... how does your script look now
<1> blocking anything else?
<0> moment, i'll paste it to pastebin
<0> http://pastebin.ca/327906
<1> hmm
<1> add this rule: iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
<1> that will allow connections made from your computer to receive data
<0> it says iptables: No chain/target/match by that name. i have no state support, but cant understand why. there isn't even any in the kernel's config file
<1> hmm it should be
<1> called Connection state match support
<1> you need to enable it
<0> it says nothing: cat .config | grep STATE
<1> it should, what kernel do you have?
<1> just use the menuconfig and enable it
<0> i have kernel 2.4.33.3
<0> i am at Networking Options / IP: NetFilter Configuration
<0> but there isnt any item for state match :/
<1> it should be under ip tables support
<1> at least it is in 2.6 kernels
<1> IP tables support (required for filtering/masq/NAT), sure there isnt an option for it under that
<0> there is none. i'll download another kernel
<0> :)
<1> there is no reason to run 2.4 anymore, the 2.6 has been stable a long time now :)
<0> i have a high traffic webserver, and i had a lot of cpu wait with 2.6, and because of this i always had very high load. under 2.4 no problem. i couldnt find the solution, tried many configuration stuffs.
<1> ok... odd, I'm serving 5 sites (Apache 2) on mine with 2.6, never had any problems