How to block a range of IP's with system-config-securitylevel-tui?
Alexander Dalloz
ad+lists at uni-x.org
Wed Nov 24 16:09:03 UTC 2004
Am Mi, den 24.11.2004 schrieb Cassius V. de Magalhaes um 14:34:
> Does $YOUR_INPUT_INTERFACE is eth0 for example?
Could be eth0 for example, yes. If you have 2 ethernet devices because
of 2 network cards - 1 NIC for internal net, 1 NIC to the public
internet - it could too be ppp0 or eth1.
> The iptables -L doesn't show any interface, only "RH-Firewall-1-INPUT"
> as the "target" field.
"RH-Firewall-1INPUT" is a so called chain. I think the simply firewall
Fedora comes with has no distinction between several interfaces. It
knows "lo" (loopback device) and the rest. The rules Fedora comes with
and the possible settings using the system-config-security do not allow
to setup anything advanced. If you have advanced needs then you either
know the iptables syntax and create your own custom rulesets or you use
a GUI tool like firestarter which you hopefully understand.
> I have tryed the command under with $YOUR_INPUT_INTERFACE set up to
> RH-Firewall-1-INPUT, but it showed "interface name
> `RH-Firewall-1-INPUT' must be shorter than IFNAMSIZ (15)".
I kept the example line general because I don't know your hardware
setup. if you have an ethernet device eth0, which is the device you want
to block access to from a specific host range, then
$YOUR_INPUT_INTERFACE would be eth0. The INTERFACE is no chain.
> TIA, Vinicius.
www.netfilter.org is the recommended site to read and understand
iptables syntax. netfilter is the part of the kernel doing the packet
checking and iptables is the userland tool for root to administer the
netfilter part.
Alexander
--
Alexander Dalloz | Enger, Germany | new address - new key: 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora GNU/Linux Core 2 (Tettnang) on Athlon kernel 2.6.9-1.6_FC2smp
Serendipity 16:59:32 up 4 days, 11:47, load average: 1.17, 0.57, 0.36
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20041124/89331b18/attachment-0001.sig>
More information about the fedora-list
mailing list