iptables question
Youssef Makki
bugzilla at sympatico.ca
Wed Feb 25 18:09:36 UTC 2004
I know that manually, I'd do it as such:
/sbin/iptables -I INPUT -p tcp --dport 515 -j ACCEPT
/sbin/iptables -I INPUT -p udp --dport 515 -j ACCEPT
For more security add "-i ethX" to allow this just on your localnet if
that's what you want. -m is for extended matches (like -m multiport),
you don't need that in your rules.
Are you using some tool to save the rules? You could do the ones I
mentioned and iptables-save should save it. I write separate firewall.sh
scripts and load them through /etc/rc.local.
When I still have trouble getting some traffic through, I open the
firewall (-I INPUT -j ACCEPT, only locally of course), and run tcpdump
to see what's happening; you'll get an idea what you need to do. Logging
in iptables might be helpful too.
Cheers
On Wed, 2004-02-25 at 11:06, Andrew Robinson wrote:
> I want to enable lpr printing (from an Apple Powerbook running MacOS X
> 10.2) for printers on my Fedora Core 1 box. According to the
> /etc/services file, printing services are given as:
>
> printer 515/tcp spooler # line printer spooler
> printer 515/udp spooler # line printer spooler
>
> So based on previous information from this list about iptables, I added
> these two entries:
>
> # Printer Access
> -A RH-Firewall-1-INPUT -m tcp -p tcp --dport 515 -j ACCEPT
> -A RH-Firewall-1-INPUT -m udp -p udp --dport 515 -j ACCEPT
>
> My question is, is this what I want to do?
>
> Thanks!
>
> Andrew Robinson
>
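
An added example, not part of the original message: a Python check over iptables-save output that lists ACCEPT rules admitting port 515 with no "-i" or "-s" restriction, including a blanket "-j ACCEPT" left in place after troubleshooting. The sample rules and the function names are constructed for illustration; a negated "! -i" or "! -s" is treated as not restricting the rule.

```python
import shlex

# Constructed iptables-save output for illustration (not from a real host).
SAMPLE = """\
*filter
-A INPUT -j ACCEPT
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i eth0 -p tcp -m tcp --dport 515 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 515 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -p tcp -m multiport --dports 515,631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""

def spec_covers(spec, port):
    """True if a --dport/--dports value ('515', '500:600', '515,631') covers port."""
    for part in spec.split(","):
        lo, sep, hi = part.partition(":")
        low = int(lo) if lo else 0
        high = int(hi) if hi else (65535 if sep else low)
        if low <= port <= high:
            return True
    return False

def unrestricted_accepts(rules_text, port=515):
    """Return ACCEPT rules that admit `port` from any interface and any source."""
    findings = []
    for line in rules_text.splitlines():
        if not line.startswith("-A "):
            continue  # table names, chain policies, comments, COMMIT
        tok = shlex.split(line)
        opts = {}
        for i, t in enumerate(tok[:-1]):
            if t.startswith("-"):
                # option -> (value, True if the option was preceded by "!")
                opts[t] = (tok[i + 1], i > 0 and tok[i - 1] == "!")
        if opts.get("-j", ("", False))[0] != "ACCEPT":
            continue
        spec = opts.get("--dport") or opts.get("--dports")
        blanket = set(opts) == {"-A", "-j"}  # no matches at all, e.g. a debugging rule
        covers = spec is not None and not spec[1] and spec_covers(spec[0], port)
        scoped = any(k in opts and not opts[k][1] for k in ("-i", "-s"))
        if (blanket or covers) and not scoped:
            findings.append(line)
    return findings

if __name__ == "__main__":
    print("\n".join(unrestricted_accepts(SAMPLE)))
```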