#3
02-20-2008, 06:50 AM
The Eighth Doctor
Re: SSH visits from users who were not given permission--can they be blocked?

In article <k6e231h5jd0npvvr7voisaq6kiomg3q1f0@4ax.com>,
grant_nospam@dodo.com.au says...
>
>On Fri, 11 Mar 2005 06:11:59 GMT, drwho8__NOTME__@att.net (The Eighth
>Doctor) wrote:
>
>>That being said; once I've got the list of acceptable IP addresses from the
>>I'net, any suggestions on how to configure the current firewall mechanism to
>>reject everyone else? Also the router does contain a firewall, but I'm not
>>sure as to how to have it block those addresses, if it can...

>
>put them in a list and read into firewall:
>
># known ssh host data file
># ~~~~~~~~~~~~~~~~~~~~~~~~
># Format of data file for known hosts is one data record per line,
># each tab or space delimited data record contains three fields:
># addr port [# optional comment]
>#
># Example: "192.0.2.123 ssh # Fred"
>#
># Notes: data file must not contain blank or comment lines, nor a
># newline after the last record. If you use a non-standard ssh port,
># replace 'ssh' with your custom port number in the data file.
>
>SSH_HOSTS_ALLOW_FILE="$INCLUDE_FILE_PATH/allow-ssh-src-addr"
>SSH_LOGIN_RATE_LIMIT="4/hour"
>
>function allow_restricted_fw_ingress ()
>{
>    if test -r $SSH_HOSTS_ALLOW_FILE; then
>        while read addr port rest; do
>            iptables -A INPUT -p tcp $MSTATE NEW --src $addr \
>                --dport $port $MLIMIT $SSH_LOGIN_RATE_LIMIT -j ACCEPT
>        done < $SSH_HOSTS_ALLOW_FILE
>    fi
>. . .
>Cheers,
>Grant.
>

Hello from the Eighth Doctor
Nice, Grant, it makes sense. However... One small detail. How do you create a
firewall using the basic tools that Pat provides for Slackware? That's one subject I'm
not familiar with. I remember telling the installer to install the things from the n disk
that's associated with the technology, but I don't recall going over that step.
-----
Gregg drwho8 atsign att dot net

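The fragment Grant quoted and the question Gregg asks (how to stand the firewall up at all on a stock Slackware box) fit together in one script. The following is an added example, not Grant's or Gregg's code: a minimal /etc/rc.d/rc.firewall that sets a default-deny INPUT policy and then loads Grant's allow list, with SSH from each listed host rate limited. The data file path, the `-m state --state` and `-m limit --limit` expansions of Grant's elided `$MSTATE`/`$MLIMIT`, and the rc.firewall location are assumptions. It also handles the two cases Grant's note warns about (comment lines and a missing trailing newline) instead of requiring the file to avoid them.

```shell
#!/bin/sh
# Added example (not Grant's or Gregg's script). A minimal /etc/rc.d/rc.firewall
# in the style of Grant's fragment: default-deny INPUT, then SSH allowed only
# from the hosts listed in the data file, each rate limited. The file paths and
# the MSTATE/MLIMIT expansions below are assumptions; Grant's post elides them.

IPTABLES="${IPTABLES:-iptables}"   # set IPTABLES=echo to print rules instead of loading them
SSH_HOSTS_ALLOW_FILE="${SSH_HOSTS_ALLOW_FILE:-/etc/firewall/allow-ssh-src-addr}"  # assumed path
SSH_LOGIN_RATE_LIMIT="4/hour"
MSTATE="-m state --state"          # assumed expansion of Grant's $MSTATE
MLIMIT="-m limit --limit"          # assumed expansion of Grant's $MLIMIT

# Print one iptables rule (arguments only) per record in the allow file.
# Records are "addr port [# comment]". Unlike a bare `while read` loop this
# also accepts blank lines, comment lines and a last record with no trailing
# newline: read returns non-zero at EOF even when it has filled $addr, so the
# `|| [ -n "$addr" ]` keeps that final record.
ssh_allow_rules() {
    file="$1"
    [ -r "$file" ] || return 1
    while read -r addr port rest || [ -n "$addr" ]; do
        case "$addr" in ''|'#'*) continue ;; esac
        printf '%s\n' "-A INPUT -p tcp $MSTATE NEW --src $addr --dport ${port:-ssh} $MLIMIT $SSH_LOGIN_RATE_LIMIT -j ACCEPT"
    done < "$file"
}

# Default-deny inbound policy: loopback and replies to our own connections pass.
firewall_base_policy() {
    $IPTABLES -F INPUT
    $IPTABLES -P INPUT DROP
    $IPTABLES -A INPUT -i lo -j ACCEPT
    $IPTABLES -A INPUT $MSTATE ESTABLISHED,RELATED -j ACCEPT
}

# Load the allow list. A listed host that opens more than $SSH_LOGIN_RATE_LIMIT
# new SSH connections stops matching its ACCEPT rule and falls through to the
# DROP policy; unlisted hosts match nothing and are dropped outright.
allow_restricted_fw_ingress() {
    ssh_allow_rules "$1" | while read -r rule; do
        # shellcheck disable=SC2086 # word splitting of $rule is intended
        $IPTABLES $rule
    done
}

case "${1:-}" in
    start)
        firewall_base_policy
        allow_restricted_fw_ingress "$SSH_HOSTS_ALLOW_FILE"
        ;;
    stop)
        $IPTABLES -F INPUT
        $IPTABLES -P INPUT ACCEPT
        ;;
esac
```

Run `IPTABLES=echo sh rc.firewall start` first to see the rules it would load without touching the kernel. Slackware's rc.inet2 of that period runs /etc/rc.d/rc.firewall at boot when the file is executable, so `chmod +x` is what turns it on. Note that `-m limit` counts per rule, so the 4/hour budget is per listed host, and that the burst allowance of the limit match (5 by default) lets a few quick reconnects through before the rate applies.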