Doubt about the use of additional config file on iptables on FC7.

Vinicius cviniciusm at uol.com.br
Sun Jun 3 20:23:22 UTC 2007


Hello,

The system-config-securitylevel says I can use an additional config file 
on iptables, more specifically after the defaults. So should myiptables be:
/etc/sysconfig/myiptables:
"-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport <a port> -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT"

<a port>  = a port that I want to open.

Must I move the three final lines of iptables to the end of myiptables?


Regards,
Vinicius.



