Re: ipchains newbie - wants to open up access for one computer

From: abeeber-ibis (abeeber@ibisconsulting.com)
Date: 02/01/03


From: abeeber@ibisconsulting.com (abeeber-ibis)
Date: 1 Feb 2003 12:49:19 -0800

Luke,
How would I find the sequence of these rules? As I said to Vlad, I can
not seem to find the DENY and REJECT rules which I know must exist as
I can use NSLOOKUP to resolve DNS but I can not ftp, http out from
that subnet.

Andrew

"Luke Vogel" <luke@bell-bird.com.au> wrote in message news:<UON_9.5$z23.797@nsw.nnrp.telstra.net>...
> "Vlad Tsyrklevich" <root@127.0.0.1> wrote in message
> news:pan.2003.02.01.00.06.08.929751.202@127.0.0.1...
> > Would adding a rule to drop 192.168.0.[0-255] but allow 192.168.0.XXX
> > (where XXX is the IP of the box that needs to access the internet) work
> > for your situation? I believe this is what you are asking for but just
> > making sure :-).
>
> Probably would Vlad, but the sequence of the two rules is important.
>
> I.e. allow the XXX ip first, THEN deny all the others.
>
> Luke.
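
The ordering point made in the quoted replies, as an added example that is not part of the original posts: a small Python model of first-match chain evaluation, in which the first rule that matches a packet decides it and the chain policy applies when nothing matches. It models source-address matching only; the address 192.168.0.42 (standing in for "XXX"), the sample chains and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample chains; 192.168.0.42 stands in for the "XXX" host.
ALLOW_THEN_DENY = [
    ("192.168.0.42/32", "ACCEPT"),  # the one box that may go out
    ("192.168.0.0/24", "DENY"),     # everyone else on the subnet
]
DENY_THEN_ALLOW = list(reversed(ALLOW_THEN_DENY))


def verdict(chain, src, policy="ACCEPT"):
    """Return (target, rule_position) for a source address.

    The first matching rule decides. If no rule matches, the chain
    policy decides and rule_position is None.
    """
    addr = ipaddress.ip_address(src)
    for position, (net, target) in enumerate(chain, start=1):
        if addr in ipaddress.ip_network(net):
            return target, position
    return policy, None


def shadowed_rules(chain):
    """Return 1-based positions of rules that can never match because an
    earlier rule already covers their entire source range."""
    dead = []
    for i, (net, _target) in enumerate(chain):
        this = ipaddress.ip_network(net)
        earlier = (ipaddress.ip_network(prev) for prev, _ in chain[:i])
        if any(this.subnet_of(prev) for prev in earlier):
            dead.append(i + 1)
    return dead


if __name__ == "__main__":
    for name, chain in (("allow then deny", ALLOW_THEN_DENY),
                        ("deny then allow", DENY_THEN_ALLOW)):
        print(name)
        for src in ("192.168.0.42", "192.168.0.7"):
            print("  ", src, verdict(chain, src))
        print("   shadowed rules:", shadowed_rules(chain))
```

With the deny rule first, the host-specific ACCEPT is reported as shadowed and never takes effect. A packet that matches no rule is decided by the chain policy rather than by any listed rule.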