<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> <HTML> <HEAD> <META NAME="GENERATOR" CONTENT="SGML-Tools 1.0.9"> <TITLE>Firewall And Proxy Server HOWTO: APPENDEX A - $B%9%/%j%W%H$NNc(B</TITLE> <LINK HREF="Firewall-HOWTO-16.html" REL=next> <LINK HREF="Firewall-HOWTO-14.html" REL=previous> <LINK HREF="Firewall-HOWTO.html#toc15" REL=contents> </HEAD> <BODY> <A HREF="Firewall-HOWTO-16.html">$B<!$N%Z!<%8(B</A> <A HREF="Firewall-HOWTO-14.html">$BA0$N%Z!<%8(B</A> <A HREF="Firewall-HOWTO.html#toc15">$BL\<!$X(B</A> <HR> <H2><A NAME="s15">15. APPENDEX A - $B%9%/%j%W%H$NNc(B</A></H2> <P> <P> <H2><A NAME="ss15.1">15.1 GFCC $B$rMQ$$$?(B RC $B%9%/%j%W%H(B</A> </H2> <P> <PRE> #!/bin/bash # # Firewall Script - Version 0.9.1 # # chkconfig: 2345 09 99 # $B35MW(B: 2.2.x $B%+!<%M%kMQ%U%!%$%"%&%)!<%k%9%/%j%W%H(B # $B%F%9%H$N:]$K$O(B # -x $B$rDI2C$9$k$3$H!#(B # # $BCm0U(B - # # $B$3$N%9%/%j%W%H$O(B RedHat 6.0 $B5Z$S$=$l0J9_$N%P!<%8%g%s8~$1$K=q$+$l$F(B # $B$$$^$9!#(B # # $B%&%'%V$d(B ftp $B%5!<%P$N$h$&$J8x3+%5!<%S%9$rDs6!$9$k>l9g$OCm0U$7$F(B # $B$/$@$5$$!#(B # # $B%$%s%9%H!<%k(B - # 1. /etc/rc.d/init.d $B$NCf$K$3$N%U%!%$%k$rCV$-$^$9!#(B # (root $B$K$J$i$J$1$l$P$J$i$J$$$G$7$g$&(B...) # "firewall" $B$N$h$&$JL>A0$K$7$^$9(B :-) # $B=jM-8"$r(B root $B$K$7$^$9(B --> "chown root.root ($B%U%!%$%kL>(B)" # $B<B9TB0@-$rN)$F$^$9(B --> "chmod 755 ($B%U%!%$%kL>(B)" # # 2. $B%U%!%$%"%&%)!<%k%k!<%k$r:n$k0Y$K(B GFCC $B$r;H$$!"(B # $B%U%!%$%k(B /etc/gfcc/rules/firewall.rule.sh $B$K=q$-<L$7$^$9!#(B # # 3. RedHat $B$N(B init $B%9%/%j%W%H$K%U%!%$%"%&%)!<%k$r(B # $BDI2C$7$^$9(B --> "chkconfig --add ($B%U%!%$%kL>(B)" # $B<!2s%k!<%?$r5/F0$9$k$H(B firewall $B%5!<%S%9$,<+F0E*$K5/F0$9$k$O$:$G$9(B! # *$BA0$h$j>/$7$O(B* $B@H<e$G$J$/$J$C$F$$$k$N$G!"Lk$O$0$C$9$j?2$F$/$@$5$$!#(B # # $B%j%j!<%9%N!<%H(B # 30 Jan, 2000 - GFCC $B%9%/%j%W%H$KJQ99(B # 11 Dec, 1999 - Mark Grennan <mark@grennan.com> $B$K$h$k99?7(B # 20 July, 1999 - $B:G=i$N:nIJ(B - Anthony Ball <tony@LinuxSIG.org> # ################################################ # $B4X?t%i%$%V%i%j$rFI$_9~$_$^$9!#(B . /etc/rc.d/init.d/functions # $B%M%C%H%o!<%/@_Dj$rFI$_9~$_$^$9!#(B . /etc/sysconfig/network # $B%M%C%H%o!<%/$,5/F0$7$F$$$k$+%A%'%C%/$7$^$9!#(B [ ${NETWORKING} = "no" ] && exit 0 # $B2?$,8F$S=P$5$l$?$+$r8+$^$9!#(B case "$1" in start) # $B%"%/%;%95!G=$NDs6!$r3+;O$7$^$9!#(B action "Starting firewall: " /bin/true /etc/gfcc/rules/firewall.rule.sh action "Loading firewall modules: " /bin/true # /sbin/insmod ip_masq_autofw # /sbin/insmod ip_masq_suseeme /sbin/insmod ip_masq_ftp /sbin/insmod ip_masq_irc # /sbin/insmod ip_masq_mfw # /sbin/insmod ip_masq_portfw # /sbin/insmod ip_masq_quake /sbin/insmod ip_masq_raudio # /sbin/insmod ip_masq_user # /sbin/insmod ip_masq_vdolive echo ;; stop) action "Stoping firewall: " /bin/true echo 0 > /proc/sys/net/ipv4/ip_forward /sbin/ipchains -F input /sbin/ipchains -F output /sbin/ipchains -F forward echo ;; restart) action "Restarting firewall: " /bin/true $0 stop $0 start echo ;; status) # $B@_DjFbMF$r%j%9%HI=<($7$^$9!#(B /sbin/ipchains -L ;; test) action "Test Mode firewall: " /bin/true /sbin/ipchains -F input /sbin/ipchains -F output /sbin/ipchains -F forward echo 1 > /proc/sys/net/ipv4/ip_forward /sbin/ipchains -A input -j ACCEPT /sbin/ipchains -A output -j ACCEPT /sbin/ipchains -P forward DENY /sbin/ipchains -A forward -i $PUBLIC -j MASQ echo ;; *) echo "Usage: $0 {start|stop|restart|status|test}" exit 1 esac </PRE> <P> <P> <H2><A NAME="ss15.2">15.2 GFCC $B%9%/%j%W%H(B</A> </H2> <P>$B$3$N%9%/%j%W%H$O(B Graphical Firewall program (GFCC) $B$K$h$C$F(B $B@8@.$5$l$^$7$?!#(B $B$3$l$OF0:n$9$k%k!<%k%;%C%H$G$O$"$j$^$;$s!#(B $BE><L$5$l$?%k!<%k%;%C%H$G$9!#(B <P> <PRE> #!/bin/sh # Gtk+ $B%U%!%$%"%&%)!<%k%3%s%H%m!<%k%;%s%?!<$,@8@.$7$^$7$?!#(B IPCHAINS=/sbin/ipchains localnet="192.168.1.0/24" firewallhost="192.168.1.1/32" localhost="172.0.0.0/8" DNS1="24.94.163.119/32" DNS2="24.94.163.124/32" Broadcast="255.255.255.255/32" Multicast="224.0.0.0/8" Any="0.0.0.0/0" mail_grennan_com="192.168.1.1/32" mark_grennan_com="192.168.1.3/32" $IPCHAINS -P input DENY $IPCHAINS -P forward ACCEPT $IPCHAINS -P output ACCEPT $IPCHAINS -F $IPCHAINS -X # input $B%k!<%k(B $IPCHAINS -A input -s $Any -d $Broadcast -j DENY $IPCHAINS -A input -p udp -s $Any -d $Any netbios-ns -j DENY $IPCHAINS -A input -p tcp -s $Any -d $Any netbios-ns -j DENY $IPCHAINS -A input -p udp -s $Any -d $Any netbios-dgm -j DENY $IPCHAINS -A input -p tcp -s $Any -d $Any netbios-dgm -j DENY $IPCHAINS -A input -p udp -s $Any -d $Any bootps -j DENY $IPCHAINS -A input -p udp -s $Any -d $Any bootpc -j DENY $IPCHAINS -A input -s $Multicast -d $Any -j DENY $IPCHAINS -A input -s $localhost -d $Any -i lo -j ACCEPT $IPCHAINS -A input -s $localnet -d $Any -i eth1 -j ACCEPT $IPCHAINS -A input -s $localnet -d $Broadcast -i eth1 -j ACCEPT $IPCHAINS -A input -p icmp -s $Any -d $Any -j ACCEPT $IPCHAINS -A input -p tcp -s $Any -d $Any -j ACCEPT ! -y $IPCHAINS -A input -p udp -s $DNS1 domain -d $Any 1023:65535 -j ACCEPT $IPCHAINS -A input -p udp -s $DNS2 domain -d $Any 1023:65535 -j ACCEPT $IPCHAINS -A input -p tcp -s $Any -d $Any ssh -j ACCEPT $IPCHAINS -A input -p tcp -s $Any -d $Any telnet -j ACCEPT $IPCHAINS -A input -p tcp -s $Any -d $Any smtp -j ACCEPT $IPCHAINS -A input -p tcp -s $Any -d $Any pop-3 -j ACCEPT $IPCHAINS -A input -p tcp -s $Any -d $Any auth -j ACCEPT $IPCHAINS -A input -p tcp -s $Any -d $Any www -j ACCEPT $IPCHAINS -A input -p tcp -s $Any -d $Any ftp -j ACCEPT $IPCHAINS -A input -s $Any -d $Any -j DENY -l # forward $B%k!<%k(B $IPCHAINS -A forward -s $localnet -d $Any -j MASQ # output $B%k!<%k(B </PRE> <P> <H2><A NAME="ss15.3">15.3 GFCC $B$r;H$o$J$$(B RC $B%9%/%j%W%H(B</A> </H2> <P>$B$3$l$O<j=q$-$G9=C[$7$?%U%!%$%"%&%)!<%k$N%k!<%k%;%C%H$G$9!#(B GFCC $B$O;H$$$^$;$s!#(B <P> <PRE> #!/bin/bash # # Firewall Script - Version 0.9.0 # chkconfig: 2345 09 99 # $B35MW(B: 2.2.x $B%+!<%M%kMQ%U%!%$%"%&%)!<%k%9%/%j%W%H(B # $B%F%9%H$N:]$K$O(B # -x $B$rDI2C$9$k$3$H!#(B # # $BCm0U(B - # # $B$3$N%9%/%j%W%H$O(B RedHat 6.0 $B5Z$S$=$l0J9_$N%P!<%8%g%s8~$1$K=q$+$l$F$$$^$9!#(B # # $B$3$N%U%!%$%"%&%)!<%k%9%/%j%W%H$O!"BgItJ,$N%@%$%"%k%"%C%W$+%1!<%V%k%b%G%`(B # $B$r;HMQ$7$?%k!<%?$GF0$/H&$G$9!#(B # RedHat $B%G%#%9%H%j%S%e!<%7%g%sMQ$K:n@.$7$^$7$?!#(B # # web $B$d(B ftp $B%5!<%P$N$h$&$J8x3+%5!<%S%9$rDs6!$9$k>l9g$OCm0U$7$F$/$@$5$$!#(B # # $B%$%s%9%H!<%k(B - # 1. $B$3$N%U%!%$%k$O(B RedHat $B%7%9%F%`MQ$K:n$i$l$F$$$^$9!#$3$N$^$^$GB>$N(B # $B%G%#%9%H%j%S%e!<%7%g%s$G$bF0$/$H;W$$$^$9$,!"$b$&0lEY3NG'$7$?J}$,(B # $B$$$$$G$7$g$&!#(B # $B$b$7$+$7$FF0$+$J$$$+$b$7$l$J$$$+$i(B?!!? # $B$3$l$i$N<j=g$O(B RedHat $B%7%9%F%`$KE,MQ$7$^$9!#(B # # 2. /etc/rc.d/init.d $B$NCf$K$3$N%U%!%$%k$rCV$-$^$9(B (root $B$K$J$C$F(B...) # "firewall" $B$N$h$&$JL>A0$K$7$^$9(B :-) # $B=jM-8"$r(B root $B$K$7$^$9(B --> "chown root.root <$B%U%!%$%kL>(B>" # $B<B9T8"$r$D$1$^$9(B --> "chmod 755 <$B%U%!%$%kL>(B>" # # 3. $B%M%C%H%o!<%/!";HMQ$9$k%$%s%?!<%U%'!<%9!"(BDNS $B%5!<%P$N@_Dj$r$7$^$9!#(B # uncomment $B$G;O$^$k9T$N2<$G!"<uIU$1%5!<%S%9$rA*Br$7M-8z$K$7$^$9!#(B # "eth0" $B$,;HMQ$9$k(B NIC $B$+3NG'$7$^$9(B ($B0?$O$"$J$?$N%7%9%F%`$N%M%C%H%o!<%/(B # $B%$%s%?!<%U%'!<%9L>$KJQ99$7$^$9(B)$B!#(B # $B%F%9%H$9$k$K$O(B --> "/etc/rc.d/init.d/<$B%U%!%$%kL>(B> start" # $B%k!<%k$r0lMw$9$k$K$O(B --> "ipchains -L -n" # $B8m$j$,$"$l$P=$@5$7$^$7$g$&(B... :-) # # 4. RedHat $B$N(B init $B%9%/%j%W%H$K%U%!%$%"%&%)!<%k$rDI2C$7$^$9(B # --> "chkconfig --add <$B%U%!%$%kL>(B>" # $B<!2s%k!<%?$r5/F0$9$k$H(B firewall $B%5!<%S%9$,<+F0E*$K5/F0$9$k$O$:$G$9!*(B # *$BA0$h$j>/$7$O(B* $B@H<e$G$J$/$J$C$F$$$k$N$G!"Lk$O$0$C$9$j?2$F$/$@$5$$!#(B # # $B%j%j!<%9%N!<%H(B # 20 July, 1999 - $B:G=i$N:nIJ(B - Anthony Ball <tony@LinuxSIG.org> # 11 Dec, 1999 - Mark Grennan <mark@grennan.com> $B$K$h$k99?7(B # ################################################ # $B$"$J$?$N%m!<%+%k%M%C%H%o!<%/$KE,9g$9$kCM$r5-F~$7$F$/$@$5$$!#(B PRIVATENET=xxx.xxx.xxx.xxx/xx PUBLIC=ppp0 PRIVATE=eth0 # $B$"$J$?$N(B dns $B%5!<%P$N@_Dj(B DNS1=xxx.xxx.xxx.xxx DNS2=xxx.xxx.xxx.xxx ################################################ # $B%M%C%H%o!<%/$N@_Dj$KMQ$$$kHFMQE*$JCM$rDj5A$7$^$9!#(B ANY=0.0.0.0/0 ALLONES=255.255.255.255 # $B4X?t%i%$%V%i%j$rFI$_9~$_$^$9!#(B . /etc/rc.d/init.d/functions # $B%M%C%H%o!<%/@_Dj$rFI$_9~$_$^$9!#(B . /etc/sysconfig/network # $B%M%C%H%o!<%/$,5/F0$7$F$$$k$+%A%'%C%/$7$^$9!#(B [ ${NETWORKING} = "no" ] && exit 0 # $B2?$,8F$S=P$5$l$?$+$r8+$^$9!#(B case "$1" in start) # $B%"%/%;%95!G=$NDs6!$r3+;O$7$^$9!#(B action "Starting firewall: " /bin/true ## ## $B4D6-@_Dj(B ## # $BA4$F$N%A%'%$%s$N%j%9%H$rA4>C5n$7$^$9!#(B /sbin/ipchains -F input /sbin/ipchains -F output /sbin/ipchains -F forward # input $B%A%'%$%s$K38$r$+$V$;$F!"A4$F$N%]!<%H$r$U$5$.$^$9!#(B /sbin/ipchains -I input 1 -j DENY # $B%]%j%7!<$rH]Dj(B (DENY) $B$K@_Dj$7$^$9!#(B ($B%G%U%)%k%H$O(BACCEPT) /sbin/ipchains -P input DENY /sbin/ipchains -P output ACCEPT /sbin/ipchains -P forward ACCEPT # $B%Q%1%C%H%U%)%o!<%G%#%s%0$rM-8z$K$7$^$9!#(B echo 1 > /proc/sys/net/ipv4/ip_forward ## ## $B%b%8%e!<%k$N%$%s%9%H!<%k(B ## # $B%"%/%F%#%V(B ftp $B%b%8%e!<%k$rFI$_9~$_$^$9!#(B # $B%m!<%+%k%M%C%H%o!<%/>e$N%^%7%s$KHs%Q%C%7%t(B ftp $B%"%/%;%9$,(B # $B$G$-$k$h$&$K$7$^$9!#(B # ($BC"$7!"%k!<%?<+?H$O%^%9%+%l!<%I$5$l$F$$$J$$$N$G=|30$5$l$^$9!#(B) if ! ( /sbin/lsmod | /bin/grep masq_ftp > /dev/null ); then /sbin/insmod ip_masq_ftp fi ## ## $B%;%-%e%j%F%#4X78(B ## # $B8=B8$9$k%M%C%H%o!<%/%$%s%?!<%U%'!<%9$*$h$S:#8eH/@8$9$k$G$"$m$&(B # $B%M%C%H%o!<%/%$%s%?!<%U%'!<%9$KBP$7!"H/?.%"%I%l%9$NN)>Z$H56AuJ]8n$r(B # $BM-8z$K$7$^$9!#(B # # if [ -e /proc/sys/net/ipv4/conf/all/rp_filter ]; then for f in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 1 > $f done else echo echo "PROBLEMS SETTING UP IP SPOOFING PROTECTION. BE WORRIED." echo fi # $B8=B8$9$kA4$F$N%M%C%H%o!<%/%$%s%?!<%U%'!<%9$N%V%m!<%I%-%c%9%H$r(B # $BH]Dj$7$^$9!#(B /sbin/ipchains -A input -d 0.0.0.0 -j DENY /sbin/ipchains -A input -d 255.255.255.255 -j DENY # $B$3$l$i$O%m%05-O?$9$k$3$H$J$/H]Dj$7$^$9!#(B /sbin/ipchains -A input -p udp -d $ANY 137 -j DENY # NetBIOS over IP /sbin/ipchains -A input -p tcp -d $ANY 137 -j DENY # "" /sbin/ipchains -A input -p udp -d $ANY 138 -j DENY # "" /sbin/ipchains -A input -p tcp -d $ANY 138 -j DENY # "" /sbin/ipchains -A input -p udp -d $ANY 67 -j DENY # bootp /sbin/ipchains -A input -p udp -d $ANY 68 -j DENY # "" /sbin/ipchains -A input -s 224.0.0.0/8 -j DENY # Multicast addresses ## ## $B%W%i%$%Y!<%H%M%C%H%o!<%/$+$iH/$9$k%Q%1%C%H$r5v2D$7$^$9!#(B ## # $B%k!<%W%P%C%/%$%s%?!<%U%'!<%9>e$NA4$F$N%Q%1%C%H$r5v2D$7$^$9!#(B /sbin/ipchains -A input -i lo -j ACCEPT # $BFbIt$N(B "$B?.Mj$G$-$k(B" $B%$%s%?!<%U%'!<%9$+$iH/$;$i$l$k%Q%1%C%H$rA4$F(B # $B5v2D$7$^$9!#(B /sbin/ipchains -A input -i $PRIVATE -s $PRIVATENET -d $ANY -j ACCEPT /sbin/ipchains -A input -i $PRIVATE -d $ALLONES -j ACCEPT ## ## $B%U%!%$%"%&%)!<%k$X$N30It%5!<%S%9$r5v2D$7$^$9!#(B ## # ICMP $B$r5v2D$7$^$9!#(B /sbin/ipchains -A input -p icmp -j ACCEPT # TCP $B$r5v2D$7$^$9!#(B # $B!ZLuCm(B: tcp syn $B%Q%1%C%H0J30$r5v2D$7$^$9!#![(B /sbin/ipchains -A input -p tcp ! -y -j ACCEPT # ($B%U%!%$%"%&%)!<%k>e$N(B)DNS$BC5:w$r5v2D$7$^$9!#(B /sbin/ipchains -A input -p udp -s $DNS1 domain -d $ANY 1023: -j ACCEPT /sbin/ipchains -A input -p udp -s $DNS2 domain -d $ANY 1023: -j ACCEPT # $B$"$k$$$O(B ($B$h$jNI$$0F$H$7$F(B) $B%-%c%C%7%e(B DNS $B%5!<%P$r%k!<%?>e$G(B # $B2TF0$5$;!">e5-$NBe$o$j$K0J2<$N9T$rMQ$$$^$9!#(B # /sbin/ipchains -A input -p udp -s $DNS1 domain -d $ANY domain -j ACCEPT # /sbin/ipchains -A input -p udp -s $DNS2 domain -d $ANY domain -j ACCEPT # $B0J2<$N9T$G(B ssh $B$r5v2D$7$^$9!#(B /sbin/ipchains -A input -p tcp -d $ANY 22 -j ACCEPT # $B0J2<$N9T$G(B telnet $B$r5v2D$7$^$9!#(B ($B$*A&$a$7$^$;$s(B!!) /sbin/ipchains -A input -p tcp -d $ANY telnet -j ACCEPT # $B0J2<$N9T$G%k!<%?$K(B NTP (network time protocol: $B%M%C%H%o!<%/(B # $B%?%$%`%W%m%H%3%k(B) $B$r5v2D$7$^$9!#(B # /sbin/ipchains -A input -p udp -d $ANY ntp -j ACCEPT # SMTP $B$r5v2D$7$^$9!#(B ($B%a!<%k%/%i%$%"%s%H$N0Y$G$O$"$j$^$;$s(B - $B%5!<%P(B # $B$@$1$G$9(B) /sbin/ipchains -A input -p tcp -d $ANY smtp -j ACCEPT # POP3 $B$r5v2D$7$^$9!#(B($B%a!<%k%/%i%$%"%s%HMQ(B) /sbin/ipchains -A input -p tcp -d $ANY 110 -j ACCEPT # $B%a!<%kAw?.$^$?$O(B ftp $B%"%/%;%9$KMQ$$$k(B auth $B%W%m%H%3%k$r(B # $B5v2D$7$^$9!#(B /sbin/ipchains -A input -p tcp -d $ANY auth -j ACCEPT # $B30It$+$i$N(B HTTP $B%"%/%;%9$r5v2D$7$^$9!#(B # ($B%k!<%?>e$G(B web $B%5!<%P$r2TF/$7$F$$$k>l9g$K8B$j$^$9!#(B) /sbin/ipchains -A input -p tcp -d $ANY http -j ACCEPT # $B30It$+$i$N(B FTP $B%"%/%;%9$r5v2D$7$^$9!#(B /sbin/ipchains -A input -p tcp -d $ANY ftp -j ACCEPT ## ## $B%^%9%+%l!<%I4X78(B ## # $BFbIt%M%C%H%o!<%/$+$iE>Aw$5$l$?%Q%1%C%H$r%^%9%+%l!<%I$7$^$9!#(B /sbin/ipchains -A forward -s $PRIVATENET -d $ANY -j MASQ ## ## $B>e5-0J30$NA4$F$r5qH]$7!"(B /var/log/messages $B$X%m%05-O?$7$^$9!#(B ## /sbin/ipchains -A input -l -j DENY # input $B%A%'%$%s$K$+$V$;$F$$$?38$r<h$j30$7$^$9!#(B /sbin/ipchains -D input 1 ;; stop) action "Stoping firewall: " /bin/true echo 0 > /proc/sys/net/ipv4/ip_forward /sbin/ipchains -F input /sbin/ipchains -F output /sbin/ipchains -F forward echo ;; restart) action "Restarting firewall: " /bin/true $0 stop $0 start echo ;; status) # $B@_DjFbMF$r%j%9%HI=<($7$^$9!#(B /sbin/ipchains -L ;; test) ## ## $B$H$F$bC1=c$J%U%!%$%"%&%)!<%k$N%F%9%H$G$9!#(B ## (*$BA4$/(B*$B%;%-%e%"$G$O$"$j$^$;$s(B) ## $B!ZLuCm(B: $B%Q%1%C%H%U%#%k%?%j%s%0$N@_Dj$rA4$F<h$jJ'$$!"(B ## $B%^%9%+%l!<%I$N@_Dj$N$_M-8z$K$7$^$9!#(B ## $B$3$N@_Dj$OD9;~4VB3$1$F$O$J$j$^$;$s!#![(B action "WARNING Test Firewall: " /bin/true /sbin/ipchains -F input /sbin/ipchains -F output /sbin/ipchains -F forward echo 1 > /proc/sys/net/ipv4/ip_forward /sbin/ipchains -A input -j ACCEPT /sbin/ipchains -A output -j ACCEPT /sbin/ipchains -P forward DENY /sbin/ipchains -A forward -i $PUBLIC -j MASQ echo ;; *) echo "Usage: $0 {start|stop|restart|status|test}" exit 1 esac </PRE> <P> <P> <HR> <A HREF="Firewall-HOWTO-16.html">$B<!$N%Z!<%8(B</A> <A HREF="Firewall-HOWTO-14.html">$BA0$N%Z!<%8(B</A> <A HREF="Firewall-HOWTO.html#toc15">$BL\<!$X(B</A> </BODY> </HTML>