[K12OSN] Allow only HTTP requests

Mike Ely mely at rogueriver.k12.or.us
Tue Dec 13 04:38:43 UTC 2005


Sudev Barar wrote:
> On 12/13/05, Brad Thomas <bthomas at psysolutions.com> wrote:
>> Is there a setting that I can make to only allow HTTP requests on ETH1
>> and block any other type of requests?
>>
> 
> 
> Easy way:
> If you are using stock k12ltsp, as root from a terminal give command
> "setup". Choose menu firewall>customize. Set eth1 as non trusted device
> (default) and then set allow http. Save before quitting. The command
> "service iptables restart" should do the trick. Caution: assuming eth0
> is ltsp network device, always set this as trusted device, otherwise
> ltsp network will also come to halt.
> 
> Simpler way:
> "man iptables" and edit /etc/sysconfig/iptables suitably and restart service.
> 
> In both cases take backup of /etc/sysconfig/iptables before
> attempting. This way you can always copy back and come back to status
> quo.
> 
> -
Also, be very sure you aren't doing this from SSH, or if you are, be 
sure you allow inbound SSH (port 22) BEFORE anything else!  I've made 
the mistake twice now (in the course of about five years) of doing 
"iptables -P INPUT DROP" before first doing "iptables -I INPUT -p tcp 
--dport 22 -j ACCEPT" - once the computer was right next to me, but the 
other time required driving to another location to get at the physical 
console.

Funny, yes, but only in retrospect.

Cheers,
Mike
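
An added example, not part of the original thread: a shell sketch of the ruleset the replies describe (eth0 trusted, only HTTP on eth1, SSH kept open), plus a check for the command-ordering mistake Mike mentions. The function names `gen_rules` and `ssh_before_drop`, the choice to accept SSH on any interface, and leaving FORWARD and OUTPUT at ACCEPT are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: eth0 = trusted LTSP side,
# eth1 = restricted side, SSH on 22/tcp must stay reachable on any interface,
# FORWARD and OUTPUT are left at ACCEPT.

# Print a ruleset in iptables-restore format. A restore file is committed as
# one unit per table, so the DROP policy and the SSH ACCEPT land together.
gen_rules() {
    untrusted=${1:-eth1}
    trusted=${2:-eth0}
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i $trusted -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -i $untrusted -p tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

# Lint a list of interactive iptables commands read from stdin.
# Returns 1 if "-P INPUT DROP" is reached before any ACCEPT for tcp/22
# (the lockout order), 0 otherwise.
ssh_before_drop() {
    awk '
        /-j ACCEPT/ && /--dport 22( |$)/ { ssh = 1 }
        /-P INPUT DROP/ { exit (ssh ? 0 : 1) }
    '
}

# To apply (as root, ideally from the console), keeping the backup first:
#   cp -p /etc/sysconfig/iptables /etc/sysconfig/iptables.bak
#   gen_rules eth1 eth0 > /etc/sysconfig/iptables
#   iptables-restore --test < /etc/sysconfig/iptables && service iptables restart
```
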