how would I write this complex ip tables rule
Bevan Bennett
bevan at fulcrummicro.com
Mon Jan 12 16:21:23 UTC 2004
Technical wrote:
>i want any to access my web server;
>i want no one from idiot.com except joe.idiot.com and mary.idiot to access
>my web server... thanks
>
>
>
>
For something this specific, you might be better off telling iptables to
let in all traffic for port 80, then configuring your web server (apache
I presume) to set who can access what from where.
I believe that would go something like this in the relevant bits of
httpd.conf.
SetOrder Allow,Deny
Allow from joe.idiot.com
Allow from mary.idiot.com
Deny from idiot.com
Allow from all
By putting this in the webserver config rather than the firewall config,
you'll be keeping everything 'non-standard' in one place instead of two,
making it less likely that you'll forget about your changes later.
More information about the fedora-list
mailing list