From: Martin Feeney (martin at domain tuatha.org)
Date: Fri 28 Jul 2000 - 17:50:54 IST
On 28 Jul 00, at 17:22, kevin lyda wrote:
> On Fri, Jul 28, 2000 at 04:59:42PM +0100, Martin Feeney wrote:
> > ## allow ssh on ppp0
> > #/sbin/ipchains -A input -j ACCEPT -i ppp0 -d <ip of ppp0>/32 22 -p tcp
> dynamic ip? i'd need to do that for any other services on ppp0 as well,
> yes. and the deny stops ftp from working (except via pasv)?
In /etc/ppp/ppp-up.d/ and in /etc/ppp/ppp-down.d/ (I think they're the
dirs anyway - if not you should have something equivalent) stick in a
script that re-executes your ipchains scripts and have the scripts grab
the ip of ppp0 and only use the extra rules if ppp0 is up - make sure you
flush the rules as well just after the -P deny (ipchains -F input).
The line you'll need is:
/sbin/ifconfig ppp0 | grep 'inet addr:' | sed 's/.*inet addr:\([0-
9.]*\).*/\1/g'
if you use the masq_ftp module it works fine (and you could always use
pasv anyway).
> i need tftp and i need rsh. i like this command:
>
> tar zcf - dir|rsh inle 'cd newdir;tar zxf -'
>
> it saves me from going out and buying a 100mb hub plus cards. the deny
> command would close all that up anyway, right?
Yep, will do.
This archive was generated by hypermail 2.1.6 : Thu 06 Feb 2003 - 13:07:01 GMT