IPTables to restrict an IP address to certain ports

David Hoffman dhoffman2004 at gmail.com
Fri Mar 18 16:52:14 UTC 2005


On Fri, 18 Mar 2005 10:44:21 -0600, Doug Coats <dcoats at heritagemail.org> wrote:
> Sorry for not being more exact.
> 
> The computer(A) that I want to print from is a Win98 machine.  It is hooked
> up to a FC2 box that acts as a file server/router.  The computer (B) with
> the printer is on another subnet.  Currently(with no IPTables rules for
> restriction) the
> computer A can print and has access to all network resources that any other
> computer on the network has access to.
> 
> I want to restrict, in IPTables, so that computer A can print on computer B
> but can only file share and print.
> 

Then you don't want computer A to even have access to the internet;
the only network connectivity it will have is to do file and printer
sharing.

I would include the three rules that I showed you earlier. If you want
to be more precise, and only allow computer A to print and share files
with computer B, but no other computers, then change the rules a
little.

Rule 1: ALLOW traffic from computer A with destination of computer B
and with destination ports of 137:139
Rule 2: ALLOW traffic from computer A with destination of computer B
and with destination ports of 445
Rule 3: DENY or REJECT all other traffic from computer A with ANY destination
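The three rules above written out as iptables commands on the FC2 router, as an added example that is not part of the original reply. The addresses for computer A and computer B are placeholders, the FORWARD chain is assumed because A's traffic crosses the FC2 box on its way to B's subnet, and one extra rule beyond the three in the thread lets B's replies back to A.

```shell
#!/bin/sh
# Added example, not from the thread. Placeholder addresses (assumed):
# computer A = 192.168.1.10, computer B = 192.168.2.20.
A_IP="${A_IP:-192.168.1.10}"
B_IP="${B_IP:-192.168.2.20}"
IPT="${IPT:-iptables}"

# Print the rules for the given A and B addresses, one command per line.
# A's packets are routed through the FC2 box, so they hit FORWARD, not
# INPUT; shares hosted on the FC2 box itself would need INPUT rules too.
build_rules() {
    a="$1"; b="$2"
    # Rule 1: NetBIOS name/datagram/session (137:139), A -> B only.
    # 137 and 138 are UDP, 139 is TCP, so allow the range on both.
    echo "$IPT -A FORWARD -s $a -d $b -p tcp --dport 137:139 -j ACCEPT"
    echo "$IPT -A FORWARD -s $a -d $b -p udp --dport 137:139 -j ACCEPT"
    # Rule 2: direct-hosted SMB over TCP 445, A -> B only.
    echo "$IPT -A FORWARD -s $a -d $b -p tcp --dport 445 -j ACCEPT"
    # Extra: let B answer connections that A opened (not in the thread).
    echo "$IPT -A FORWARD -s $b -d $a -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Rule 3: everything else from A, to any destination, is refused.
    # It is appended last, so the ACCEPT rules above are matched first.
    echo "$IPT -A FORWARD -s $a -j REJECT"
}

# Sanity check: how many rules name the given host as the source.
count_rules_from() {
    build_rules "$1" "$2" | grep -c -- "-s $1 "
}

# Only apply the rules when explicitly asked; otherwise just print them.
if [ "${APPLY:-no}" = "yes" ]; then
    build_rules "$A_IP" "$B_IP" | sh
else
    build_rules "$A_IP" "$B_IP"
fi
```

Run with `APPLY=yes` as root to load the rules; without it the script only prints them for review.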




More information about the fedora-list mailing list