RV: Blocking FTP to external-network users

From: Eduardo Rohr (hanus@gmx.net)
Date: Mon Jan 31 2000 - 05:59:10 EST


> I have an FTP server setup on my RH6.1 K2.2.14 machine, but I wish to
> only allow computers on my local network (192.168.1.0) to access it. How
> is this possible? I figured maybe using IP Chains, but can you use that
> to block individual ports?

 Compiling the kernel to support firewall rules, and with ipchains you can
 block port 21 so only net 192.168.1.0/24 can see your ftp. You can make
this
 with following rules:

 /sbin/ipchains -A input -p tcp -s 192.168.1.0/24 -d my.ip.comes.here 21 -j
 ACCEPT
 /sbin/ipchains -A input -p tcp -s 0.0.0.0/0 -d my.ip.comes.here 21 -j DENY

 Or you can use the tcp wrappers. See host.allow and host.deny

 Eduardo

-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@vger.rutgers.edu



This archive was generated by hypermail 2b29 : Mon Jan 31 2000 - 21:00:34 EST