Block connection in firewall
Bob Goodwin
bobgoodwin at wildblue.net
Fri Feb 12 20:28:13 UTC 2016
On 02/12/16 15:10, Rick Stevens wrote:
>
> Not sure which firewall you're using.
> Judging by your description of its
> behavior, the odds are that the
> (unless otherwise specified) default
> protocol the rules affect is TCP. If
> that's the case, yes, your rules
> would prevent TCP-based activity
> (telnet, ssh, web, etc.) from working,
> but would NOT prevent UDP-based
> traffic (normal DNS queries for
> instance) or ICMP-based traffic (such
> as ping, traceroute, etc.).
>
> There's a whole lot of protocols that
> come under the "IP" umbrella.
> Dump out the content of /etc/protocols
> if you want to see a (fairly
> complete, but not exhaustive) list of
> what's out there.
The example I chose had an entry for
protocol in it but I removed that
thinking I did not want to limit it to
one, false logic I guess?
config rule
	option src lan
	option src_ip 192.168.1.7
	option dest wan
#	option proto tcp
	option target REJECT
The objective is to protect my servers
which I want connected to the LAN but
not the internet. The firewall is in the
router, openwrt, I want to set up.
--
Bob Goodwin - Zuni, Virginia, USA
http://www.qrz.com/db/W2BOD
box10 FEDORA-23/64bit LINUX XFCE POP3
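
Added example, not part of the original message or of OpenWrt's own code: a small audit that reads firewall rules in the format posted above and reports which REJECT/DROP rules cover every IP protocol and which cover only some. It assumes a rule without `option proto` matches only `tcp udp` (OpenWrt's documented default, treated here as an assumption); the function names and the second sample rule with `option proto all` are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit REJECT/DROP rules in OpenWrt firewall config text.
# Assumption: a rule with no "option proto" matches only "tcp udp".
DEFAULT_PROTO="tcp udp"

# Constructed sample: the rule from the post, then a variant with proto all.
sample_config() {
    cat <<'EOF'
config rule
	option src lan
	option src_ip 192.168.1.7
	option dest wan
#	option proto tcp
	option target REJECT

config rule
	option src lan
	option src_ip 192.168.1.7
	option dest wan
	option proto all
	option target REJECT
EOF
}

# audit_rules: UCI text on stdin; prints "<src_ip> <target> proto=<p> <verdict>"
audit_rules() {
    awk -v dflt="$DEFAULT_PROTO" '
        function emit(   eff, verdict, src) {
            if (in_rule && (target == "REJECT" || target == "DROP")) {
                eff = (proto == "") ? dflt : proto
                verdict = (eff == "all") ? "covers-all" : "partial"
                gsub(/ /, ",", eff)
                src = (ip == "") ? "any" : ip
                printf "%s %s proto=%s %s\n", src, target, eff, verdict
            }
            in_rule = 0; proto = ""; target = ""; ip = ""
        }
        { sub(/#.*/, ""); gsub("[\047\"]", "") }  # strip comments and quotes
        $1 == "config" { emit(); in_rule = ($2 == "rule"); next }
        in_rule && ($1 == "option" || $1 == "list") {
            val = $3; for (i = 4; i <= NF; i++) val = val " " $i
            if ($2 == "proto") proto = (proto == "" ? val : proto " " val)
            else if ($2 == "target") target = val
            else if ($2 == "src_ip") ip = val
        }
        END { emit() }
    '
}

sample_config | audit_rules
```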