iptables question
jludwig
wralphie at comcast.net
Tue Jul 27 01:56:06 UTC 2004
On Mon, 2004-07-26 at 21:43, Thomas Sapp wrote:
> I was wondering about how to change or add rules to the iptables. I
> read the man page for it but can't seem to quite grasp the concept
> apparently. Here is what I get from an iptables -t filter -L:
> ************************************************************************
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
> RH-Firewall-1-INPUT all -- anywhere anywhere
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
> RH-Firewall-1-INPUT all -- anywhere anywhere
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain RH-Firewall-1-INPUT (2 references)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere
> ACCEPT all -- anywhere anywhere
> ACCEPT icmp -- anywhere anywhere icmp any
> ACCEPT ipv6-crypt-- anywhere anywhere
> ACCEPT ipv6-auth-- anywhere anywhere
> ACCEPT all -- anywhere anywhere state
> RELATED,ESTABLISHED
> ACCEPT tcp -- anywhere anywhere state NEW
> tcp dpt:http
> ACCEPT tcp -- anywhere anywhere state NEW
> tcp dpt:https
> ACCEPT tcp -- anywhere anywhere state NEW
> tcp dpt:ftp
> ACCEPT tcp -- anywhere anywhere state NEW
> tcp dpt:ssh
> ACCEPT tcp -- anywhere anywhere state NEW
> tcp dpt:5801
> ACCEPT tcp -- anywhere anywhere state NEW
> tcp dpt:5901
> ACCEPT udp -- anywhere anywhere state NEW
> udp dpt:5801
> ACCEPT udp -- anywhere anywhere state NEW
> udp dpt:5901
> REJECT all -- anywhere anywhere reject-with
> icmp-host-prohibited
> *************************************************************************
>
> I would like to change the settings for the ports for ftp, ssh, and VNC
> to only allow connections from 204.99.118.0/24 and so far this is what I
> have:
>
> iptables -t filter -R RH-Firewall-1-INPUT 9 -p tcp -s 204.99.118.0/24
>
> All that does is produce an output similar to this:
>
> tcp -- 204.99.118.0/24 anywhere
>
> Can anyone help me with what I am doing wrong? How do I add the ACCEPT
> and the state? I have tried --state but it keeps telling me that it is
> an incorrect option.
>
> --
> Thanks,
> Tom Sapp
> http://www.sappsworld.com
Try
iptables -t filter -R RH-Firewall-1-INPUT 9 -p tcp -s 204.99.118.0/24 -j
ACCEPT
The rule is there but does nothing without a jump to filter (-j DROP,
ACCEPT, REJECT, etc)
--
jludwig <wralphie at comcast.net>
More information about the fedora-list
mailing list