Enable Firewall, But Allow Specific Inbound Connections
micheal
sundance at sundanceloki.com
Tue Feb 1 01:19:12 UTC 2005
On Mon, 2005-01-31 at 19:56 -0500, Robert L Cochran wrote:
> >>>
> >>Thank you. How do I implement iptables rules without interfering with
> >>what the Security Level applet sets?
> >>
> >>Bob
> >>
> >>
> >>
> >
> >Very simply, open up a terminal, su over to root. Add the iptables
> >rules that you want.
> >
> >When you are finished, service iptables save will make them permanent
> >
> >MC
> >
> >
> >
> Thank you. I am assuming that the Security Level applet adds its own
> iptables rules. Is this correct? So it would drop all inbound
> connections on all ports to start with, and allow in only the
> connections I permit through the applet.
>
> If I'm right about the above, then I can just do what you say: just add
> the new iptables rules I'm interested in, enter 'service iptables save',
> and they become permanent. Am I still right?
>
> Now suppose I screwed up and made a mistake. Can I change the rules I
> messed up?
>
> Thanks
>
> Bob
>
Essentially yes, system-config-securitylevel works the same way. For
example, if you were to add for Other ports: 445:tcp in the applet, it
would add this to the chain:
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:microsoft-ds
The same effect can be achieved by
iptables -A INPUT -p TCP --dport 445 -d 192.168.1.1 -j ACCEPT
and then service iptables save
All of the available options are in man iptables, there are also some
very helpful pages on the web
Disclaimer, I have not worked with iptables in a long time, feel free to
correct my syntax
MC
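
Because `-A` appends to the end of a chain, a rule added this way only takes effect if no earlier rule has already decided the packet, which matters on a default-deny ruleset like the one Bob describes. The check below is an added example, not part of the original post: it reads iptables-save text and lists rules that sit behind an unconditional terminal rule. The sample ruleset and the chain name FW-INPUT are constructed for illustration.

```shell
#!/bin/sh
# Added example: list rules that can never match because an earlier
# unconditional rule in the same chain already decides every packet.
# Reads iptables-save text on stdin. Conditional RETURN rules are not modelled.
shadowed_rules() {
    awk '
    $1 == "-A" {
        n[$2]++
        rule[$2, n[$2]] = $0
        # "-A CHAIN -j TARGET ..." has no match options, so it is unconditional
        uncond[$2, n[$2]] = ($3 == "-j") ? $4 : ""
        order[++total] = $2 SUBSEP n[$2]
    }
    # A target is terminal if it is ACCEPT/DROP/REJECT, or a user chain
    # holding an unconditional rule whose target is terminal.
    function terminal(t, depth,   i) {
        if (t == "ACCEPT" || t == "DROP" || t == "REJECT") return 1
        if (depth > 16) return 0          # guard against chain loops
        for (i = 1; i <= n[t]; i++)
            if (uncond[t, i] != "" && terminal(uncond[t, i], depth + 1)) return 1
        return 0
    }
    END {
        for (k = 1; k <= total; k++) {
            split(order[k], p, SUBSEP); c = p[1]; i = p[2]
            if (closed[c]) print rule[c, i]
            else if (uncond[c, i] != "" && terminal(uncond[c, i], 0)) closed[c] = 1
        }
    }'
}

# Constructed sample (the chain name FW-INPUT is hypothetical): a default-deny
# chain is entered first, then the port 445 rule is appended with -A.
sample_ruleset() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FW-INPUT - [0:0]
-A INPUT -j FW-INPUT
-A INPUT -d 192.168.1.1 -p tcp -m tcp --dport 445 -j ACCEPT
-A FW-INPUT -i lo -j ACCEPT
-A FW-INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A FW-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

sample_ruleset | shadowed_rules
```

On a live system the input would come from `iptables-save` run as root; any rule it prints needs to be inserted ahead of the catch-all (for example with `-I`) rather than appended.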