Enable Firewall, But Allow Specific Inbound Connections

Robert L Cochran cochranb at speakeasy.net
Tue Feb 1 00:56:03 UTC 2005


micheal wrote:

>On Sun, 2005-01-30 at 04:53 -0500, Robert L Cochran wrote:
>
>>Gain Paolo Mureddu wrote:
>>
>>>Robert L Cochran wrote:
>>>
>>>>On Fedora Core 3, I want to enable the firewall, permitting inbound
>>>>TCP connections from anywhere on port 80. I also want to allow
>>>>inbound connections on port 3306 but only from hosts 192.168.1.1 and
>>>>192.168.1.2.
>>>>
>>>>It looks like I can't do this from the Applications --> System
>>>>Settings --> Security Level GUI. I can allow ports 80 and 3306, but
>>>>it doesn't look like I can limit the port 3306 connections to just 2
>>>>specific hosts. I would have to craft an IPTABLES script. Am I right
>>>>here, and if so, what would be the right way to add specific IPTABLES
>>>>rules without interfering with the Security Level applet?
>>>>
>>>>Thanks
>>>>
>>>>Bob Cochran
>>>>Greenbelt, Maryland, USA
>>>>
>>>I (as the other posters) will recommend you to learn iptables, and if
>>>you want a very easy way to configure your firewall and build *quite*
>>>complex per-interface rule sets, I'd strongly recommend you take a
>>>look at fwbuilder (there are the packages for it in the pre-extras
>>>repo [http://fedoraproject.org/pre-extras])
>>>
>>Thank you. How do I implement iptables rules without interfering with
>>what the Security Level applet sets?
>>
>>Bob
>>
>Very simply, open up a terminal, su over to root.  Add the iptables
>rules that you want.
>
>When you are finished, service iptables save will make them permanent
>
>MC
>
Thank you. I am assuming that the Security Level applet adds its own
iptables rules. Is this correct? So it would drop all inbound
connections on all ports to start with, and allow in only the
connections I permit through the applet.

If I'm right about the above, then I can just do what you say: just add 
the new iptables rules I'm interested in, enter 'service iptables save', 
and they become permanent. Am I still right?

Now suppose I screwed up and made a mistake. Can I change the rules I 
messed up?

Thanks

Bob
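As an added example, not code from the thread or from Fedora: a small script doing what MC describes (add the rules as root, then `service iptables save`) for the port-80 and port-3306 rules Bob asked for, with a matching removal path for the "what if I messed up" case. It assumes a Fedora Core 3 style setup where the applet's own rules live in a chain that INPUT jumps to, and uses the hosts and ports named in the thread; run it with no argument to print the commands instead of applying them.

```shell
#!/bin/sh
# Added example (not from the thread): apply the rules Bob describes ahead of
# the Security Level applet's own rules, and remove them again if needed.
# Assumes a Fedora Core 3 style setup where the applet's rules sit in a chain
# that INPUT jumps to, so rules inserted at position 1 of INPUT are seen first.

IPTABLES="${IPTABLES:-iptables}"   # set IPTABLES=echo to print instead of apply
WEB_PORT=80
DB_PORT=3306
DB_CLIENTS="192.168.1.1 192.168.1.2"

# Emit one rule spec per line; add_rules and remove_rules share this text
# so a removal matches exactly what was added.
rule_specs() {
    # port 80: new TCP connections from anywhere
    echo "-p tcp --dport $WEB_PORT -m state --state NEW -j ACCEPT"
    # port 3306: new TCP connections only from the two listed hosts
    for host in $DB_CLIENTS; do
        echo "-s $host -p tcp --dport $DB_PORT -m state --state NEW -j ACCEPT"
    done
}

# Insert at the head of INPUT: evaluated before the applet's chain, which
# ends in a REJECT, without editing anything the applet wrote.
add_rules() {
    rule_specs | while read -r spec; do
        "$IPTABLES" -I INPUT 1 $spec   # $spec unquoted: word splitting intended
    done
}

# "Can I change the rules I messed up?"  -D with the same spec deletes the
# matching rule; 'iptables -L INPUT -n --line-numbers' shows positions too.
remove_rules() {
    rule_specs | while read -r spec; do
        "$IPTABLES" -D INPUT $spec
    done
}

# Persist the running rule set to /etc/sysconfig/iptables, as MC describes.
save_rules() {
    service iptables save
}

case "${1:-}" in
    add)    add_rules && save_rules ;;
    remove) remove_rules && save_rules ;;
    *)      IPTABLES=echo; add_rules ;;   # no argument: dry run, print commands
esac
```

Run as root with `add` to apply and save, `remove` to take the same three rules out again; the applet's own rules are never touched, so reconfiguring it later still works.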
