I don't know if iptables is for kernel 2.2, but there is ipchains on those kernels, and it is almost as good.

Francisco

Hulatt, Jon wrote:

>I would strongly strongly recommend you use iptables instead. You've almost
>certainly got iptables support already compiled into your kernel, so it's
>just a matter of installing the userspace iptables tool, and configuring it.
>I'll give you a hand with the config if you want, just email me.
>
>jon
>
>>-----Original Message-----
>>From: Josh Koffman [mailto:listsjosh@3MTMP.COM]
>>Sent: 12 February 2004 16:33
>>To: PICLIST@MITVMA.MIT.EDU
>>Subject: [OT:] Linux Host Deny Help
>>
>>Ok, I'm desperate. I've tried everything I know how to try,
>>and it's not working. And I can't figure out why.
>>
>>I am running Debian with a 2.2.19 kernel. I know 2.6 is out,
>>but I don't want to upgrade right now. There is going to be a
>>major overhaul coming in a month or so, and I don't want to
>>waste time upgrading this machine right now.
>>
>>Here is what I am trying to do. I am attempting to block
>>access to my linux box from all addresses starting with
>>141.117.*.* except the few within that range that I specify.
>>So, my first thought was hosts.allow and hosts.deny. I added
>>the address above (with netmask) to hosts.deny,
>>(ALL:141.117.0.0/255.255.0.0), and the address I want to be
>>able to access the box (ALL:141.117.*.*) to hosts.allow. Then
>>I started testing. The address I want to work worked fine.
>>However, I am having issues with the blocked addresses. They
>>won't connect to some services (ie the POP server) which is
>>perfect, but they still connect to others, such as SMTP. I've
>>even tried explicitly denying the IP of the machine I'm testing
>>with, and I can still send mail through SMTP perfectly. I tried
>>adding (ALL smtp: 141.117.0.0/255.255.0.0) or
>>ALL exim: 141.117.0.0/255.255.0.0) but neither seem to work.
>>
>>I just don't understand how I can explicitly deny access, and
>>it works for some things but SMTP works great.
>>
>>HELP!
>>
>>Thank you
>>
>>Josh
>>--
>>A common mistake that people make when trying to design
>>something completely foolproof is to underestimate the
>>ingenuity of complete fools.
>> -Douglas Adams
>>
>>--
>>http://www.piclist.com hint: The list server can filter out
>>subtopics (like ads or off topics) for you. See
>>http://www.piclist.com/#topics