iptables question

Thomas Sapp tpsapp at hotmail.com
Tue Jul 27 02:06:22 UTC 2004


On Mon, 2004-07-26 at 18:56, jludwig wrote:
> On Mon, 2004-07-26 at 21:43, Thomas Sapp wrote:
> > I was wondering about how to change or add rules to the iptables.  I
> > read the man page for it but can't seem to quite grasp the concept
> > apparently.  Here is what I get from an iptables -t filter -L:
> > ************************************************************************
> > Chain INPUT (policy ACCEPT)
> > target     prot opt source               destination
> > RH-Firewall-1-INPUT  all  --  anywhere             anywhere
> >  
> > Chain FORWARD (policy ACCEPT)
> > target     prot opt source               destination
> > RH-Firewall-1-INPUT  all  --  anywhere             anywhere
> >  
> > Chain OUTPUT (policy ACCEPT)
> > target     prot opt source               destination
> >  
> > Chain RH-Firewall-1-INPUT (2 references)
> > target     prot opt source               destination
> > ACCEPT     all  --  anywhere             anywhere
> > ACCEPT     all  --  anywhere             anywhere
> > ACCEPT     icmp --  anywhere             anywhere            icmp any
> > ACCEPT     ipv6-crypt--  anywhere             anywhere
> > ACCEPT     ipv6-auth--  anywhere             anywhere
> > ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
> > ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http
> > ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:https
> > ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ftp
> > ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
> > ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:5801
> > ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:5901
> > ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:5801
> > ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:5901
> > REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
> > *************************************************************************
> > 
> > I would like to change the settings for the ports for ftp, ssh, and VNC
> > to only allow connections from 204.99.118.0/24 and so far this is what I
> > have:
> > 
> > iptables -t filter -R RH-Firewall-1-INPUT 9 -p tcp -s 204.99.118.0/24
> > 
> > All that does is produce an output similar to this:
> > 
> >           tcp  --  204.99.118.0/24      anywhere
> > 
> > Can anyone help me with what I am doing wrong?  How do I add the ACCEPT
> > and the state?  I have tried --state but it keeps telling me that it is
> > an incorrect option.
> > 
> > -- 
> > Thanks,
> > Tom Sapp
> > http://www.sappsworld.com
> Try
> iptables -t filter -R RH-Firewall-1-INPUT 9 -p tcp -s 204.99.118.0/24 -j ACCEPT
> 
> The rule is there but does nothing without a jump to filter (-j DROP,
> ACCEPT, REJECT, etc)
> -- 
> jludwig <wralphie at comcast.net>
Cool, thanks.  That added the ACCEPT, but what about the state NEW tcp
dpt:ftp?  It still tells me that --state is invalid, and that is the only
option I see to add that info.  Sorry for the stupid questions. :-)
-- 
Thanks,
Tom Sapp
http://www.sappsworld.com
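The following is an added example, not code from either poster. It does what the question asks (restrict the FTP, SSH and VNC rules in RH-Firewall-1-INPUT to 204.99.118.0/24) and resolves the "--state is invalid" error: --state is an option of the state match extension, so iptables only recognises it after -m state. Note that the command suggested in the reply adds the missing -j ACCEPT but drops the port and state matches, so as written it accepts every TCP port from that network; the example keeps both. The rule positions 9 through 14 are read off the posted listing (ftp, ssh, tcp 5801, tcp 5901, udp 5801, udp 5901) and are an assumption to confirm with --line-numbers before applying. By default the script only prints the commands; set DRY_RUN=0 and run it as root to apply them.

```sh
#!/bin/sh
# Added example; not code from the thread. Replaces the FTP, SSH and VNC rules
# in the posted RH-Firewall-1-INPUT chain so each accepts NEW connections only
# from a trusted network. Rule positions 9-14 are read off the posted
# "iptables -L" output and are an assumption: confirm them on the live box with
#   iptables -t filter -L RH-Firewall-1-INPUT -n --line-numbers
# before running with DRY_RUN=0 (as root).

TRUSTED_NET="${TRUSTED_NET:-204.99.118.0/24}"   # the /24 from the question
CHAIN="RH-Firewall-1-INPUT"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the iptables commands, 0 = execute them

run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Build one replacement rule. Two details the thread tripped over:
#  * --state is an option of the "state" match extension, so iptables only
#    recognises it after -m state (hence "unknown option" for a bare --state);
#  * -j ACCEPT is the target; a rule without one matches but does nothing.
# --dport is kept so the rule stays port-specific instead of opening every
# TCP port from the trusted network.
restrict_rule() {
    # $1 = rule number in $CHAIN, $2 = tcp|udp, $3 = destination port
    run iptables -t filter -R "$CHAIN" "$1" -p "$2" --dport "$3" \
        -s "$TRUSTED_NET" -m state --state NEW -j ACCEPT
}

# Positions follow the posted listing: ftp=9, ssh=10,
# VNC tcp 5801/5901=11/12, VNC udp 5801/5901=13/14.
restrict_all() {
    restrict_rule 9  tcp 21
    restrict_rule 10 tcp 22
    restrict_rule 11 tcp 5801
    restrict_rule 12 tcp 5901
    restrict_rule 13 udp 5801
    restrict_rule 14 udp 5901
}

# -n skips DNS lookups; --line-numbers shows the positions that -R and -I use.
show_chain() {
    run iptables -t filter -L "$CHAIN" -n --line-numbers
}

restrict_all
show_chain
```

-R replaces the rule at the given position in place, so the numbers must match the live chain; if anything has been inserted or deleted since the listing was taken, check with --line-numbers first. Changes made this way live only in the kernel; on Fedora of that era they are written to /etc/sysconfig/iptables with `service iptables save` so that they survive a reboot.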

More information about the fedora-list mailing list