help w/ IPCHAINS ruleset
aUsLanDeR
03-26-2001, 03:25 AM
here's the scenario:
I would like to append a rule allowing all TCP/UDP traffic to/from a specific host to my existing IPCHAINS/MASQ firewall ruleset.
Can anyone give me the rundown on how to do this? Apologies for the uber-newbieishness of this question :)
Thanks!
Originally posted by aUsLanDeR:
I would like to append a rule allowing all TCP/UDP traffic to/from a specific host to my existing IPCHAINS/MASQ firewall ruleset.
Well, appending an allow rule won't do you much good because the rules are parsed in order. In other words, if you have one rule that allows, say, port 80 connections, and then one further down that disallows one site access to port 80, they will still get access because of the first rule allowing access.
So if you want full access from a specific site, I would put it as the first rule, then none of the blocking rules further down will affect that one site.
Now for how to write the rule. If you want all tcp and udp access on all ports, then the rule would be quite simple.
# ipchains flags are case-sensitive: -I chain 1 inserts at the top of the chain, -A appends to the end
ipchains -I input 1 -i eth0 -s 12.34.56.78 -d 12.34.56.79 -j ACCEPT
ipchains -I output 1 -i eth0 -s 12.34.56.79 -d 12.34.56.78 -j ACCEPT
This assumes:
eth0 is your outside interface
12.34.56.78 is the remote site you want to grant access.
12.34.56.79 is the outside address of your router.
This also assumes a default DENY policy. If you have a default ALLOW policy (_not_ recommended) then the second rule doesn't need to be there.
Hope this helps.
[ 26 March 2001: Message edited by: sfam ]
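The ordering point in the answer above (first matching rule wins, so an allow appended after a deny never fires, and a deny placed after a broader allow is shadowed) can be seen in a small first-match simulator. This is an added example, not code from the thread and not ipchains itself; it models only the parts of chain evaluation the answer talks about (source, destination, protocol, destination port, ACCEPT/DENY, default policy). The addresses 12.34.56.78 and 12.34.56.79 are the ones from the thread; 203.0.113.9 and 198.51.100.4 are constructed test hosts.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    """One chain entry: match fields plus a target (ACCEPT or DENY)."""
    src: str                 # source network in CIDR form
    dst: str                 # destination network in CIDR form
    proto: Optional[str]     # "tcp", "udp", or None for any protocol
    dport: Optional[int]     # destination port, or None for any port
    target: str              # "ACCEPT" or "DENY"

    def matches(self, pkt: dict) -> bool:
        return (ip_address(pkt["src"]) in ip_network(self.src)
                and ip_address(pkt["dst"]) in ip_network(self.dst)
                and (self.proto is None or self.proto == pkt["proto"])
                and (self.dport is None or self.dport == pkt["dport"]))


class Chain:
    """First-match chain with a default policy, like an ipchains input chain."""

    def __init__(self, policy: str = "DENY"):
        self.policy = policy
        self.rules: list[Rule] = []

    def append(self, rule: Rule) -> None:
        # Equivalent of `ipchains -A chain ...`: goes to the end of the chain.
        self.rules.append(rule)

    def insert(self, rule: Rule, position: int = 1) -> None:
        # Equivalent of `ipchains -I chain N ...`: 1-based position in the chain.
        self.rules.insert(position - 1, rule)

    def verdict(self, pkt: dict) -> str:
        # Walk the chain top to bottom; the first matching rule decides.
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.target
        return self.policy   # nothing matched: default policy applies


ANY = "0.0.0.0/0"
ROUTER = "12.34.56.79/32"     # outside address of the router (from the thread)
TRUSTED = "12.34.56.78/32"    # remote host to be granted full access (from the thread)
BLOCKED = "203.0.113.9/32"    # constructed host that a later rule tries to shut out


def input_chain(trusted_rule_first: bool) -> Chain:
    """Build the input chain with the trusted-host rule either at the top or appended."""
    chain = Chain(policy="DENY")
    chain.append(Rule(ANY, ROUTER, "tcp", 80, "ACCEPT"))     # web open to everyone
    chain.append(Rule(BLOCKED, ROUTER, "tcp", 80, "DENY"))   # shadowed by the rule above
    chain.append(Rule(ANY, ROUTER, "tcp", 22, "DENY"))       # ssh closed to everyone
    trusted = Rule(TRUSTED, ROUTER, None, None, "ACCEPT")   # all TCP/UDP from the trusted host
    if trusted_rule_first:
        chain.insert(trusted, 1)
    else:
        chain.append(trusted)
    return chain


def verdict(chain: Chain, src: str, proto: str, dport: int) -> str:
    """Verdict for a packet from src to the router's outside address."""
    return chain.verdict({"src": src, "dst": "12.34.56.79", "proto": proto, "dport": dport})


if __name__ == "__main__":
    for first in (False, True):
        chain = input_chain(first)
        where = "inserted at 1" if first else "appended"
        print(f"trusted rule {where}: ssh from trusted host ->",
              verdict(chain, "12.34.56.78", "tcp", 22))
    print("port 80 from 'blocked' host ->", verdict(input_chain(True), "203.0.113.9", "tcp", 80))
```

Running it shows the two effects the answer describes: with the trusted-host rule appended, ssh from 12.34.56.78 still hits the earlier port-22 DENY; inserted at position 1 it is accepted. The DENY for 203.0.113.9 on port 80 never fires because the broader ACCEPT above it matches first, which is exactly why a rule's position, not just its presence, decides the outcome.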
aUsLanDeR
03-27-2001, 12:39 PM
duh! :)
Heh, no wonder it wasn't working for me! :D
Thanks again!! :D