Enable Firewall, But Allow Specific Inbound Connections

Angelo Machils angelus at sangreal.demon.nl
Tue Feb 1 09:34:28 UTC 2005


>>> now suppose I independently add a rule like this:
>>> 
>>> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3306 
>>> -s 192.168.1.0/24 -j ACCEPT
>>> 
>>> the rule will be added to the bottom of the RH-Firewall -1-INPUT chain, 
>>> right after that REJECT.  So a datagram for port 3306 will traverse the 
>>> chain, hit the REJECT, and get blown away without ever being inspected 
>>> by the new rule appearing after the REJECT. 
>>> 
>>> Am I on the right track here?
>>> 
>>> Thanks
>>> 
>>> Bob Cochran

Hi there, I don't know if anyone has given this tip yet, but make a crontab 
entry when messing with iptables which shuts down iptables after, let's say, 10 
minutes (or enough time for you to test the new tables), so in case you 
get yourself locked out of the machine, you will have access again after 
the job runs. Yeah, experience :)

Regards, Angelo
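The safety net Angelo describes, as an added example that is not part of the original thread: save the working ruleset, start a timed rollback, apply the change, and cancel the rollback only once you have confirmed from another session that you can still get in. Instead of a crontab entry it uses a detached sleep-then-restore watchdog (an implementation choice of this example, chosen so it can be cancelled with one kill and needs no cron clock arithmetic; `iptables-apply`, shipped with iptables, implements the same confirm-or-revert idea). The file paths, the `fake_*` names in the comments and the overridable `IPTABLES_*` variables are assumptions of this example, not anything from the page.

```shell
#!/bin/sh
# Added example (not from the fedora-list thread): apply an iptables change with a
# timed automatic rollback, so a mistake cannot lock you out for longer than the timer.
# Assumes iptables-save / iptables-restore are present and that you run this as root.
# The commands and paths are overridable so the logic can be dry-run with stubs.

IPTABLES_SAVE=${IPTABLES_SAVE:-iptables-save}
IPTABLES_RESTORE=${IPTABLES_RESTORE:-iptables-restore}
BACKUP=${BACKUP:-/root/iptables.before-change}        # assumed path
PIDFILE=${PIDFILE:-/root/iptables-rollback.pid}       # assumed path
LOG=${LOG:-/root/iptables-rollback.log}               # assumed path

# Start a detached watchdog that restores $BACKUP after $1 seconds and print its PID.
# SIGHUP is ignored inside the watchdog: if your SSH session is the thing that dies
# when the new rules go wrong, the rollback must survive the hang-up.
# Stdout/stderr go to $LOG so a caller using $(...) does not block on the pipe.
schedule_rollback() {
    secs=$1
    ( trap '' HUP; sleep "$secs" && "$IPTABLES_RESTORE" < "$BACKUP" ) >>"$LOG" 2>&1 &
    echo "$!" > "$PIDFILE"
    echo "$!"
}

# Cancel the pending rollback once you have verified access from a second session.
# Returns 1 if no rollback is pending.
cancel_rollback() {
    [ -f "$PIDFILE" ] || return 1
    kill "$(cat "$PIDFILE")" 2>/dev/null
    rm -f "$PIDFILE"
}

# Snapshot the live ruleset, arm the rollback for $1 seconds, then run the change
# given as the remaining arguments. Fails before arming if the snapshot fails.
apply_with_rollback() {
    secs=$1
    shift
    "$IPTABLES_SAVE" > "$BACKUP" || return 1
    schedule_rollback "$secs" >/dev/null
    "$@"
}

# Typical session (not run here):
#   apply_with_rollback 600 iptables -I RH-Firewall-1-INPUT 8 -m state --state NEW \
#       -m tcp -p tcp --dport 3306 -s 192.168.1.0/24 -j ACCEPT
#   ... test from another host within 10 minutes ...
#   cancel_rollback
# -I with a rule number places the rule at that position instead of appending it with -A;
# read the current numbering with: iptables -L RH-Firewall-1-INPUT -n --line-numbers
```

If you forget to run `cancel_rollback`, the watchdog restores the saved ruleset when the timer expires, which is exactly the lockout insurance the post recommends; the rule number 8 in the usage comment is only a placeholder for whatever position sits above the chain's final REJECT on your system.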




More information about the fedora-list mailing list