iptables
Bill Davidsen
davidsen at tmr.com
Mon Feb 18 01:03:00 UTC 2008
Strong wrote:
> On Fri, 09 Nov 2007 08:17:44 +0900 John Summerfield
> <debian at herakles.homelinux.org> wrote:
>> He posted his rules to the list. His policy is accept, but he had a
>> global reject that would cause the message he saw.
>
> Where was the global reject?
>
>> Does this help?
>> # service iptables stop
> No. How can it help, if no route is specified?
>
> But I have changed to this:
> iptables -A FORWARD -s 192.168.0.0/24 -j ACCEPT
> iptables -A FORWARD -d 192.168.0.0/24 -j ACCEPT
> iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.0.0/24 -j MASQUERADE
>
> and now it works. Weird that adding the last line (without 'iptables '
> at the beginning of the line, of course) to the iptables file gave an error
> message at iptables restart. But loaded from the command line it is fine.
> How can I save the rules to survive a reboot? Is there a tool provided for
> iptables configuration, other than system-config-security?
>
I personally would not take the REJECT out of the table, change the
policy to ACCEPT, or any such thing which might leave the smallest hole
for evildoers. By putting in the ACCEPT rules you can let your guest
have access. I would also not let in everything from the whole private
network, I would restrict the range and apply an interface restriction
to limit your exposure.
--
Bill Davidsen <davidsen at tmr.com>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot
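The rule set Bill describes, written out as an added example that is not from the thread: the guest range is narrowed, each ACCEPT is tied to an interface pair, and the existing REJECT stays as the last FORWARD rule. The inside interface name (eth0), the /28 guest range and the LAN_IF/WAN_IF/GUEST_NET variables are assumptions; ppp0 and 192.168.0.0/24 come from the thread.

```shell
#!/bin/sh
# Added example, not code from the fedora-list thread. Interface names other
# than ppp0, the /28 guest range and the variable names are assumptions.
LAN_IF=${LAN_IF:-eth0}                  # inside interface (assumed)
WAN_IF=${WAN_IF:-ppp0}                  # outside interface, as in the thread
GUEST_NET=${GUEST_NET:-192.168.0.16/28} # narrowed from 192.168.0.0/24 (assumed)

# emit_rules prints the rule set in iptables-save format, so it can be
# reviewed without root and then loaded with: iptables-restore < file
emit_rules() {
    cat <<EOF
*filter
:FORWARD ACCEPT [0:0]
# reply traffic for connections the guest opened
-A FORWARD -i $WAN_IF -o $LAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
# only the guest range, only from the inside interface, only towards ppp0
-A FORWARD -i $LAN_IF -o $WAN_IF -s $GUEST_NET -j ACCEPT
# the global reject stays in place as the final FORWARD rule
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
# nat rules live under their own *nat section in this format, not behind -t nat
-A POSTROUTING -o $WAN_IF -s $GUEST_NET -j MASQUERADE
COMMIT
EOF
}

# Number of ACCEPT rules with no interface match: the exposure Bill warns
# about. Expected to be 0 for this set.
count_accepts_without_iface() {
    emit_rules | grep -- '-j ACCEPT' | grep -vc -- '-i ' || true
}

# Succeeds only if the last rule appended to FORWARD is the REJECT.
reject_is_last_forward_rule() {
    emit_rules | grep -- '^-A FORWARD' | tail -n 1 | grep -q -- '-j REJECT'
}

emit_rules
```

On Fedora the same iptables-save format is what /etc/sysconfig/iptables holds, so this output can be reviewed and then placed there (or loaded with iptables-restore) rather than re-typed as separate commands.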