[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: setting port ranges via Security Level GUI?



On Fri, 22 Oct 2004 11:11:50 +0900
Joel <rees ddcom co jp> wrote

> Can it be done?

Okay, as usually happens when I get worn out and through a question to
the list, I went back and did another search, and found several pages
that indicate the GUI tool cannot do ranges, and it overwrites any
changes we make by hand, so we don't want to use the GUI gadget once we
get into details like port ranges.

> If not, what do most people do when opening the netBIOS ports for samba
> (those who use samba, that is)? I assume, even though it only buys a
> speedbump, most people only open the netBIOS ports to the local net.

So the answer would seem to be hand editing --

> Manual editing of /etc/sysconfig/iptables (in spite of
> system-config-securitylevel warning away from that)?
> 
> Incidentally, when adding rules from the shell, I seem to have noticed
> that you can't specify multiple protocols and multiple ports in the same
> line like
> 
>     iptables -A INPUT -p ALL -i eth0 -s 10.5.0.0/22 --destination-port
> 137:139 -j ACCEPT
> 
> Seems that -p All and --destination-port start:end conflict with each
> other. Am I imagining things?

Thanks for listening.

-- 
Joel <rees ddcom co jp>


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]