From: Mustafa OZBAKIR (mozbakir@deba.com.tr)
Date: Fri 06 Jul 2001 - 13:38:42 EEST
Hello Murat,
Friday, July 06, 2001, 3:00:16 PM, you wrote:
MK> ee bende de udp kullaniliyor:))) n' olcek simdi?
abi genel olarak yaptigimda ise ipchains komutu kabul etmiyor.
MK> yapsaniz su rule lari tam gorsek Serdar daha cok anlar bu islerden daha
MK> fazla sey soyleyebiliriz belki.
-----------------------rc.local------------------------------------
[ -f /etc/sysconfig/system ] && source /etc/sysconfig/system
[ -z "$SECURITY" ] && SECURITY=0
if [ -f /etc/mandrake-release ]; then
R=$(cat /etc/mandrake-release)
arch=$(uname -m)
a="a"
case "_$arch" in
_a*) a="an";;
_i*) a="an";;
esac
NUMPROC=`egrep -c "^cpu[0-9]+" /proc/stat`
if [ "$NUMPROC" -gt "1" ]; then
SMP="$NUMPROC-processor "
[ "$NUMPROC" = "2" ] && \
SMP="Bi-processor "
if [ "$NUMPROC" = "8" -o "$NUMPROC" = "11" ]; then
a="an"
else
a="a"
fi
fi
# This will overwrite /etc/issue at every boot. So, make any changes you
# want to make to /etc/issue here or you will lose them when you reboot.
if [ -x /usr/bin/linux_logo ];then
/usr/bin/linux_logo -c -n -f > /etc/issue
echo "" >> /etc/issue
else
> /etc/issue
fi
echo "$R" >> /etc/issue
echo "Kernel $(uname -r) on $a $SMP$(uname -m) / \l" >> /etc/issue
if [ "$SECURITY" -le 3 ];then
echo "Welcome to %h" > /etc/issue.net
echo "$R" >> /etc/issue.net
echo "Kernel $(uname -r) on $a $SMP$(uname -m)" >> /etc/issue.net
else
echo "Welcome to Linux-Mandrake" > /etc/issue.net
echo "-------------------------" >> /etc/issue.net
fi
fi
chmod 777 /var/log/squid -R
ifconfig eth1 down
ifconfig eth2 down
ifconfig eth3 down
ifconfig eth1 up 212.98.194.167 netmask 255.255.255.240 broadcast 212.98.194.176
ifconfig eth2 up 192.168.10.253 netmask 255.255.255.0 broadcast 192.168.10.255
ifconfig eth3 up 192.168.16.253 netmask 255.255.255.0 broadcast 192.168.16.255
route add -host 192.168.1.254 dev eth2
route add -net 192.168.10.0 netmask 255.255.255.0 gw 192.168.1.254 dev eth2
route add -net 192.168.16.0 netmask 255.255.255.0 gw 192.168.1.254 dev eth3
route add -net 192.168.1.0 netmask 255.255.255.0 dev eth0
route add -net 192.168.2.0 netmask 255.255.255.0 dev eth0
route del -net 212.98.194.0 netmask 255.255.255.240 dev eth2
route del -net 212.98.194.0 netmask 255.255.255.240 dev eth2
route add default gw 212.98.194.161 dev eth1
ipchains -A input -i ! lo -j DENY
ipchains -A output -i ! lo -j DENY
ipchains -A forward -j DENY
#insmod ip_masq_irc
#insmod ip_masq_raudio
insmod ip_masq_ftp
insmod ip_masq_cuseeme
ipchains -N deba-out
ipchains -N pit-deb
ipchains -N izm-glb
ipchains -N icmp-acc
ipchains -A input -p tcp -d 0/0 80 -j REDIRECT 8080
#ipchains -A forward -s 194.36.27.0/24 -i eth0 -j MASQ
ipchains -A forward -s 192.168.1.0/24 -i eth1 -j deba-out
ipchains -A forward -s 192.168.1.0/24 -i eth0 -j deba-out
ipchains -A forward -s 192.168.2.0/24 -i eth1 -j deba-out
ipchains -A forward -s 192.168.2.0/24 -i eth0 -j deba-out
ipchains -A forward -s 192.168.10.0/24 -i eth0 -j pit-deb
ipchains -A forward -s 192.168.10.0/24 -i eth2 -j pit-deb
ipchains -A forward -s 192.168.16.0/24 -i eth0 -j izm-glb
ipchains -A forward -s 192.168.16.0/24 -i eth3 -j izm-glb
ipchains -A forward -j DENY -l
ipchains -A icmp-acc -p icmp --icmp-type destination-unreachable -j ACCEPT
ipchains -A icmp-acc -p icmp --icmp-type source-quench -j ACCEPT
ipchains -A icmp-acc -p icmp --icmp-type time-exceeded -j ACCEPT
ipchains -A icmp-acc -p icmp --icmp-type parameter-problem -j ACCEPT
ipchains -A deba-out -s 192.168.1.0/24 -j MASQ
ipchains -A deba-out -s 192.168.2.0/24 -j MASQ
ipchains -A deba-out -p icmp --icmp-type ping -j MASQ
ipchains -A deba-out -j REJECT -l
ipchains -A pit-deb -d 192.168.1.0/24 -i eth2 -j ACCEPT
ipchains -A pit-deb -d 192.168.2.0/24 -i eth2 -j ACCEPT
ipchains -A izm-glb -d 192.168.16.0/24 -i eth3 -j ACCEPT
ipchains -A pit-deb -p icmp --icmp-type ping -j ACCEPT
ipchains -A pit-deb -j DENY -l
ipchains -A izm-glb -p icmp --icmp-type ping -j ACCEPT
ipchains -A izm-glb -j DENY -l
ipchains -D input 1
ipchains -D forward 1
ipchains -D output 1
echo "1" > /proc/sys/net/ipv4/ip_forward
---------------------son------------------------------------------
oh beah rahatladim.biraz olsun.simdi tum networku degil genel
mudurmuzun istedigi(bu da ayri bir cinslik) icqlari yasaklayacagim.
-- Best regards, Mustafa mailto:mozbakir@deba.com.tr----------------------------------------------------------------------- Liste üyeliğiniz ile ilgili her türlü işlem için http://liste.linux.org.tr adresindeki web arayüzünü kullanabilirsiniz.
Listeden çıkmak için: 'linux-request@linux.org.tr' adresine, "Konu" kısmında "unsubscribe" yazan bir e-posta gönderiniz. -----------------------------------------------------------------------