Need More iptable Rules
Tim
ignored_mailbox at yahoo.com.au
Thu Aug 25 11:17:45 UTC 2005
On Thu, 2005-08-25 at 06:21 -0400, Greg Swallow wrote:
> Looks like all I need is to open a two-way hole for each port in
> firewall. I should be able to get the rules in and saved, but again
> it's been long enough that building each rule line escapes me.
If you're doing it by hand, read the iptables man file. I don't use the
abbreviations; it's easier to remember how to do them that way.

e.g.

    iptables --append INPUT --jump DROP \! --in-interface eth+ --source 192.168.0.0/16

(Drop traffic that's not coming from the eth0 interface, but has private
IP addresses. Which pretty much says allow all local traffic, by
itself, though I have other rules in combination.)
Otherwise, you can use the (security level) GUI tool, and just add in
the ports you want to trust.
--
Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.
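
Added example (not part of the message above, and not code from the poster or the Fedora project): a shell script that builds long-option rule lines for a list of ports, covering the "two-way hole for each port" case that was asked about. The interface name eth0, the sample ports, and the helper names valid_port, open_port_rule and ruleset are assumptions; the script only prints the commands and changes nothing on the firewall.

```shell
#!/bin/sh
# Added example: print long-option iptables rules that open inbound ports.
# Nothing is applied; review the output, then run it as root if it is right.
# WAN_IF and the sample ports are assumptions, not values from the post.
WAN_IF="${WAN_IF:-eth0}"

# valid_port PORT -> exit status 0 if PORT is an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# open_port_rule PROTO PORT -> one rule accepting NEW connections to PORT
open_port_rule() {
    case "$1" in
        tcp|udp) ;;
        *) echo "bad protocol: $1" >&2; return 1 ;;
    esac
    valid_port "$2" || { echo "bad port: $2" >&2; return 1; }
    echo "iptables --append INPUT --in-interface $WAN_IF --protocol $1" \
         "--destination-port $2 --match state --state NEW --jump ACCEPT"
}

# ruleset "PROTO:PORT ..." -> rules for both directions of traffic:
# packets of already-accepted connections pass on INPUT and OUTPUT,
# then each listed port gets one rule for new inbound connections.
ruleset() {
    for chain in INPUT OUTPUT; do
        echo "iptables --append $chain --match state" \
             "--state ESTABLISHED,RELATED --jump ACCEPT"
    done
    for spec in $1; do
        open_port_rule "${spec%%:*}" "${spec#*:}" || return 1
    done
}

# Constructed sample input: ssh, https and dns.
ruleset "tcp:22 tcp:443 udp:53"
```

--append places each rule at the end of its chain, so these rules only take effect if no earlier rule in the chain already drops or rejects the same traffic.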