Now the fun stuff:

ipchains -A input -i eth1 -p tcp ! -y -j ACCEPT
# Allow TCP ACK packets back into my network. (Btw, change ppp0 to
# eth0 or whatever). Since ipchains is stateless :( you need to have
# this to allow TCP sessions coming back into your network

ipchains -A input -i eth1 -p UDP --source-port 53 -j ACCEPT
# Okay, since ipchains is stateless, you need this. The SRC port is
# 53, which would be the return port (I send DST=53, SRC=10001,
# they send DST=10001, SRC=53) Basic IP communication right there :)

ipchains -A input -i eth1 -p icmp --icmp-type echo-reply -j ACCEPT
ipchains -A input -i eth1 -p icmp --icmp-type destination-unreachable \
    -j ACCEPT
ipchains -A input -i eth1 -p icmp --icmp-type time-exceeded -j ACCEPT
ipchains -A input -i eth1 -p icmp --icmp-type parameter-problem \
    -j ACCEPT
ipchains -A input -i eth1 -p icmp --icmp-type source-quench -j ACCEPT
ipchains -A input -i eth1 -p tcp -s 0.0.0.0 :80 -j ACCEPT
# Just some basic ICMP. For PING, traceroute mainly.

ipchains -A input -i eth1 -p tcp --destination-port 23 -j ACCEPT
ipchains -A input -i eth1 -p tcp --destination-port 25 -j ACCEPT
ipchains -A input -i eth1 -p tcp --destination-port 80 -j ACCEPT
ipchains -A input -i eth1 -p tcp --destination-port 20 -j ACCEPT
ipchains -A input -i eth1 -p tcp --destination-port 21 -j ACCEPT
# And so on for any ports you want inbound.

There is more you can do too, like NAT (Network Address Translation) using the IPMASQ functions.

http://www.mlinux.org/phorum/read.php?f=1&i=522&t=522

Check out this link for the full thing that I had written some years ago.

Thanks,
Brian
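
What "stateless" means for the two return-traffic rules in the post, as an added example that is not part of Brian's post: a small Python model of the "! -y" and "--source-port 53" rules next to a minimal connection-tracking check. The addresses, ports, packet fields and the ConnTracker class are constructed for illustration, and the other rules in the post are not modelled.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "proto src sport dst dport flags")

def stateless_accept(pkt):
    """Two rules from the post, judged per packet with no memory of earlier traffic."""
    # ipchains -A input -i eth1 -p tcp ! -y -j ACCEPT
    # -y matches SYN set with ACK and FIN clear; "! -y" is every other TCP packet.
    syn_only = "SYN" in pkt.flags and not {"ACK", "FIN"} & pkt.flags
    if pkt.proto == "tcp" and not syn_only:
        return True
    # ipchains -A input -i eth1 -p UDP --source-port 53 -j ACCEPT
    return pkt.proto == "udp" and pkt.sport == 53

class ConnTracker:
    """Minimal connection tracking: inbound must mirror a flow seen going out."""
    def __init__(self):
        self.flows = set()
    def note_outbound(self, pkt):
        self.flows.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
    def accept_inbound(self, pkt):
        return (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows

# Constructed sample traffic (documentation address ranges).
INSIDE, RESOLVER, OTHER = "192.0.2.10", "198.51.100.53", "203.0.113.9"
OUTBOUND = [Packet("udp", INSIDE, 10001, RESOLVER, 53, frozenset())]
INBOUND = {
    "dns reply to our query": Packet("udp", RESOLVER, 53, INSIDE, 10001, frozenset()),
    "udp from port 53, no query sent": Packet("udp", OTHER, 53, INSIDE, 20000, frozenset()),
    "tcp ACK, no session open": Packet("tcp", OTHER, 40000, INSIDE, 30000, frozenset({"ACK"})),
    "tcp SYN to unlisted port": Packet("tcp", OTHER, 40000, INSIDE, 30000, frozenset({"SYN"})),
}

def compare():
    """Return {label: (stateless verdict, tracked verdict)} for the inbound samples."""
    tracker = ConnTracker()
    for pkt in OUTBOUND:
        tracker.note_outbound(pkt)
    return {label: (stateless_accept(p), tracker.accept_inbound(p))
            for label, p in INBOUND.items()}

if __name__ == "__main__":
    for label, (stateless, tracked) in compare().items():
        print(f"{label:34} stateless={stateless!s:5} tracked={tracked}")
```

The rows where the two verdicts differ are the traffic a stateless ruleset lets in only because of a flag or a source port, which is what a connection-tracking filter closes.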
Sun Cobalt and Linux Support by Zeffie.com
Zeffie's Sun Cobalt User Forums
Copyright 2009 by Electronic Consultants Inc.