iptables question
Thomas Sapp
tpsapp at hotmail.com
Tue Jul 27 02:06:22 UTC 2004
On Mon, 2004-07-26 at 18:56, jludwig wrote:
> On Mon, 2004-07-26 at 21:43, Thomas Sapp wrote:
> > I was wondering about how to change or add rules to the iptables. I
> > read the man page for it but can't seem to quite grasp the concept
> > apparently. Here is what I get from an iptables -t filter -L:
> > ************************************************************************
> > Chain INPUT (policy ACCEPT)
> > target prot opt source destination
> > RH-Firewall-1-INPUT all -- anywhere anywhere
> >
> > Chain FORWARD (policy ACCEPT)
> > target prot opt source destination
> > RH-Firewall-1-INPUT all -- anywhere anywhere
> >
> > Chain OUTPUT (policy ACCEPT)
> > target prot opt source destination
> >
> > Chain RH-Firewall-1-INPUT (2 references)
> > target prot opt source destination
> > ACCEPT all -- anywhere anywhere
> > ACCEPT all -- anywhere anywhere
> > ACCEPT icmp -- anywhere anywhere icmp any
> > ACCEPT ipv6-crypt-- anywhere anywhere
> > ACCEPT ipv6-auth-- anywhere anywhere
> > ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
> > ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
> > ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
> > ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp
> > ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
> > ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:5801
> > ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:5901
> > ACCEPT udp -- anywhere anywhere state NEW udp dpt:5801
> > ACCEPT udp -- anywhere anywhere state NEW udp dpt:5901
> > REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
> > *************************************************************************
> >
> > I would like to change the settings for the ports for ftp, ssh, and VNC
> > to only allow connections from 204.99.118.0/24 and so far this is what I
> > have:
> >
> > iptables -t filter -R RH-Firewall-1-INPUT 9 -p tcp -s 204.99.118.0/24
> >
> > All that does is produce an output similar to this:
> >
> > tcp -- 204.99.118.0/24 anywhere
> >
> > Can anyone help me with what I am doing wrong? How do I add the ACCEPT
> > and the state? I have tried --state but it keeps telling me that it is
> > an incorrect option.
> >
> > --
> > Thanks,
> > Tom Sapp
> > http://www.sappsworld.com
> Try
> iptables -t filter -R RH-Firewall-1-INPUT 9 -p tcp -s 204.99.118.0/24 -j
> ACCEPT
>
> The rule is there but does nothing without a jump to filter (-j DROP,
> ACCEPT, REJECT, etc)
> --
> jludwig <wralphie at comcast.net>
Cool, thanks. That added the accept, but what about the state NEW tcp
dpt:ftp? It still tells me that --state is invalid, and that is the only
option I see to add that info. Sorry for the stupid questions. :-)
--
Thanks,
Tom Sapp
http://www.sappsworld.com
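An added example, not part of the thread, that shows the full form of the rule the poster is after. The detail the thread stalls on is that `--state` is an option of the `state` match module, so it only parses after `-m state`; likewise `--dport` only parses after `-p tcp` or `-p udp`. The script below rewrites rules 9 through 14 of the posted RH-Firewall-1-INPUT chain (ftp, ssh and the tcp/udp VNC ports, using the rule numbers implied by the listing) so that they accept NEW connections only from 204.99.118.0/24. The chain name, subnet and ports come from the post; the `APPLY` switch, the `IPTABLES` variable and the helper function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the thread): restrict the ftp, ssh and VNC rules
# of the RH-Firewall-1-INPUT chain to one source subnet. By default the
# script only prints the iptables commands; APPLY=1 runs them (as root).
#
# Rule indices are 1-based and must be taken from
#   iptables -L RH-Firewall-1-INPUT -n --line-numbers
# before using -R; the numbers below follow the listing in the post.

CHAIN="RH-Firewall-1-INPUT"          # chain name from the posted listing
ALLOWED_SRC="204.99.118.0/24"        # subnet from the original post
IPTABLES="${IPTABLES:-iptables}"     # assumption: iptables is on PATH

# run CMD...: print the command (default) or execute it (APPLY=1).
run() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$@"
    else
        printf '%s\n' "$*"
    fi
}

# build_rule INDEX PROTO PORT
# Replace rule INDEX in $CHAIN with an ACCEPT for NEW PROTO connections to
# PORT from $ALLOWED_SRC. Option order matters: -p before --dport, and
# -m state before --state, otherwise iptables rejects the option.
build_rule() {
    run "$IPTABLES" -t filter -R "$CHAIN" "$1" \
        -p "$2" -s "$ALLOWED_SRC" \
        -m state --state NEW --dport "$3" -j ACCEPT
}

# restricted_rules: one replacement per service rule, in listing order.
# Rules 1-8 (loopback, icmp, ipsec, RELATED/ESTABLISHED, http, https) and
# the final REJECT are left untouched.
restricted_rules() {
    build_rule 9  tcp ftp    # rule 9:  tcp dpt:ftp
    build_rule 10 tcp ssh    # rule 10: tcp dpt:ssh
    build_rule 11 tcp 5801   # rule 11: VNC java viewer, tcp
    build_rule 12 tcp 5901   # rule 12: VNC display :1, tcp
    build_rule 13 udp 5801   # rule 13: the listing also opens udp 5801
    build_rule 14 udp 5901   # rule 14: and udp 5901
}

# count_rules: how many rules restricted_rules touches (sanity check).
count_rules() {
    restricted_rules | wc -l | tr -d ' '
}

restricted_rules
```

Run it once without `APPLY` to read the six commands, confirm the indices against `iptables -L RH-Firewall-1-INPUT -n --line-numbers`, then run with `APPLY=1` and list the chain again to check that the source column now reads 204.99.118.0/24 on those rules. Two caveats: on Fedora of that era the RH-Firewall-1-INPUT chain is written by the system-config-securitylevel (lokkit) tool, so re-running that tool rewrites the chain and the edits must be saved with `service iptables save` to survive a reboot; and restricting port 21 does not break FTP data connections, because the earlier RELATED,ESTABLISHED rule, together with the ip_conntrack_ftp helper, admits them only after a permitted control connection exists. On current kernels `-m conntrack --ctstate NEW` is the equivalent of `-m state --state NEW`.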