Re: Blocking FTP to external-network users

From: Jose Luis Hime (jhime@synchro.com.br)
Date: Mon Jan 31 2000 - 08:37:15 EST


You can use ipchains to block a specific port from the "world outside":

ipchains -A output -p tcp -s <your network>/<your netmask> 21 -j ACCEPT
ipchains -A output -p tcp -s 0.0.0.0/0 21 -j DENY

First, you accept everything from your network.
After that, you deny all other packets, all of this for the ftp port.

Please note that you are inserting rules for the OUTPUT channel. This is
correct: you will be able to establish connections from your box, but this
box will reject all ftp requests from the rest of the world.

If you specify INPUT rules, the effect will be inverted: you will not be
able to establish ftp connections, but your box will accept all ftp
connections.

Best regards,
Hime

At 19:14 31/01/00 +1100, Daniel Zeaiter wrote:
>I have an FTP server set up on my RH6.1 K2.2.14 machine, but I wish to
>only allow computers on my local network (192.168.1.0) to access it. How
>is this possible? I figured maybe using IP Chains, but can you use that
>to block individual ports?
>
>Thanks in advance!
>Daniel Zeaiter.
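
The accept-then-deny ordering discussed in this thread depends on ipchains stopping at the first matching rule and falling back to the chain policy when nothing matches. The sketch below is an added example, not part of the original messages: it models that evaluation for port 21 and the 192.168.1.0 network from the question. The /24 netmask, the rule-list format, the function names and the sample addresses are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: first-match evaluation of an ordered rule list.
# Rule format (constructed for this sketch): "SOURCE_CIDR PORT TARGET".

# Convert a dotted-quad IPv4 address to an integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Succeed if address $1 lies inside network $2 (address/prefix-length).
in_net() {
    net=${2%/*}; bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

# Print the target of the first rule in $RULES that matches source
# address $1 and port $2; print $POLICY when no rule matches.
verdict() {
    while read -r cidr port target; do
        [ -n "$cidr" ] || continue
        if [ "$port" = "$2" ] && in_net "$1" "$cidr"; then
            echo "$target"; return 0
        fi
    done <<EOF
$RULES
EOF
    echo "$POLICY"
}

POLICY=ACCEPT   # assumed chain policy: accept whatever no rule matches
# Accept the local network first, then deny every other source.
RULES="192.168.1.0/24 21 ACCEPT
0.0.0.0/0 21 DENY"

# Constructed sample sources: one local host, one outside host.
for src in 192.168.1.57 203.0.113.9; do
    echo "$src -> port 21: $(verdict "$src" 21)"
done
```

Swapping the two lines in RULES makes the catch-all DENY match first, so local hosts are refused as well.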