iptables question
Thomas Sapp
tpsapp at hotmail.com
Tue Jul 27 01:43:25 UTC 2004
I was wondering about how to change or add rules to the iptables. I
read the man page for it but can't seem to quite grasp the concept
apparently. Here is what I get from an iptables -t filter -L:
************************************************************************
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT ipv6-crypt-- anywhere anywhere
ACCEPT ipv6-auth-- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:5801
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:5901
ACCEPT udp -- anywhere anywhere state NEW udp dpt:5801
ACCEPT udp -- anywhere anywhere state NEW udp dpt:5901
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
*************************************************************************
I would like to change the settings for the ports for ftp, ssh, and VNC
to only allow connections from 204.99.118.0/24 and so far this is what I
have:
iptables -t filter -R RH-Firewall-1-INPUT 9 -p tcp -s 204.99.118.0/24
All that does is produce an output similar to this:
tcp -- 204.99.118.0/24 anywhere
Can anyone help me with what I am doing wrong? How do I add the ACCEPT
and the state? I have tried --state but it keeps telling me that it is
an incorrect option.
--
Thanks,
Tom Sapp
http://www.sappsworld.com
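
An added example, not part of the original post: -R replaces the entire rule, so the replacement has to restate the protocol, the state match (--state is only accepted after -m state loads that module), the destination port and the -j ACCEPT target. The script assumes the rule positions 9 to 14 and the ports from the listing above (ftp 21, ssh 22, VNC 5801/5901) and only prints the commands; the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the original post). Prints the iptables -R
# commands that restrict the ftp, ssh and VNC rules to one source subnet.
# Assumption: rule positions 9-14 match the listing in the post. Confirm
# them first with:
#   iptables -t filter -L RH-Firewall-1-INPUT -n --line-numbers

CHAIN="RH-Firewall-1-INPUT"
SRC="204.99.118.0/24"

# position:protocol:port, in the order the listing shows them
RULES="9:tcp:21 10:tcp:22 11:tcp:5801 12:tcp:5901 13:udp:5801 14:udp:5901"

# build_rule POSITION:PROTO:PORT
# Emits one complete replacement rule. Every part of the old rule has to
# be restated, because -R does not merge with the rule it replaces.
build_rule() {
    num=${1%%:*}
    rest=${1#*:}
    proto=${rest%%:*}
    port=${rest#*:}
    printf 'iptables -t filter -R %s %s -s %s -p %s -m state --state NEW -m %s --dport %s -j ACCEPT\n' \
        "$CHAIN" "$num" "$SRC" "$proto" "$proto" "$port"
}

# build_all: one replacement command per entry in RULES
build_all() {
    for r in $RULES; do
        build_rule "$r"
    done
}

# Print the commands for review. Applying them needs root, e.g.
#   sh thisscript.sh --print | sh
if [ "${1:-}" = "--print" ]; then
    build_all
fi
```

The final REJECT rule stays in place after these replacements, so connections to those ports from any other source fall through to it.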