iptables question

Youssef Makki bugzilla at sympatico.ca
Wed Feb 25 18:09:36 UTC 2004


I know that manually, I'd do it as such:
/sbin/iptables -I INPUT -p tcp --dport 515 -j ACCEPT
/sbin/iptables -I INPUT -p udp --dport 515 -j ACCEPT

For more security add "-i ethX" to allow this just on your localnet if
that's what you want. -m is for extended matches (like -m multiport),
you don't need that in your rules.

Are you using some tool to save the rules? You could do the ones I
mentioned and iptables-save should save it. I write separate firewall.sh
scripts and load them through /etc/rc.local.

When I still have trouble getting some traffic through, I open the
firewall (-I INPUT -j ACCEPT, only locally of course), and run tcpdump
to see what's happening; you'll get an idea of what you need to do. Logging
in iptables might be helpful too.

Cheers


On Wed, 2004-02-25 at 11:06, Andrew Robinson wrote:
> I want to enable lpr printing (from an Apple Powerbook running MacOS X 
> 10.2) for printers on my Fedora Core 1 box. According to the 
> /etc/services file, printing services are given as:
> 
> printer  515/tcp  spooler  # line printer spooler
> printer  515/udp  spooler  # line printer spooler
> 
> So based on previous information from this list about iptables, I added 
> these two entries:
> 
> # Printer Access
> -A RH-Firewall-1-INPUT -m tcp -p tcp --dport 515 -j ACCEPT
> -A RH-Firewall-1-INPUT -m udp -p udp --dport 515 -j ACCEPT
> 
> My question is, is this what I want to do?
> 
> Thanks!
> 
> Andrew Robinson
> 
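
The suggestions in the reply above (restricting the rule with `-i`, logging, and keeping the rules in a separate firewall.sh) written out as a script. This is an added example, not part of the original thread; the interface name `eth0`, the function name `open_lpd`, the `IPT` dry-run variable and the log prefix are assumptions.

```shell
#!/bin/sh
# firewall.sh sketch: added example, not from the original thread.
# Assumed names: open_lpd, IPT, the "lpd-other-if: " log prefix.

# Real binary by default; set IPT="echo iptables" to print the rules
# instead of installing them (dry run).
IPT=${IPT:-/sbin/iptables}

# open_lpd IFACE
# Accept port 515 (tcp and udp, as listed in /etc/services) only when it
# arrives on IFACE. Anything for port 515 that gets past the ACCEPT came
# in on another interface: log it (rate limited) and let the rest of the
# INPUT chain decide the verdict.
open_lpd() {
    iface=$1
    # Refuse anything that is not a plain interface name.
    case $iface in
        ''|*[!A-Za-z0-9._-]*)
            echo "bad interface name: '$iface'" >&2
            return 1 ;;
    esac
    pos=1
    for proto in tcp udp; do
        # Explicit positions keep each ACCEPT ahead of its LOG rule;
        # repeated "-I INPUT" without a position would reverse the order.
        $IPT -I INPUT "$pos" -i "$iface" -p "$proto" --dport 515 \
            -j ACCEPT || return 1
        $IPT -I INPUT "$((pos + 1))" -p "$proto" --dport 515 \
            -m limit --limit 6/min \
            -j LOG --log-prefix "lpd-other-if: " || return 1
        pos=$((pos + 2))
    done
}

# Usage (as root), e.g. from /etc/rc.local after sourcing this file:
#   open_lpd eth0
```

With `IPT="echo iptables"` the function prints the four commands it would run, which makes the rule order easy to review before loading it for real.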




