
Re: [K12OSN] Allow only HTTP requests



Sudev Barar wrote:
On 12/13/05, Brad Thomas <bthomas psysolutions com> wrote:
Is there a setting that I can make to only allow HTTP requests on ETH1
and block any other type of requests?



Easy way:
If you are using stock k12ltsp, as root from a terminal give the command
"setup". Choose menu firewall>customize. Set eth1 as non-trusted device
(default) and then set allow http. Save before quitting. The command
"service iptables restart" should do the trick. Caution: assuming eth0
is the ltsp network device, always set this as trusted device, otherwise
the ltsp network will also come to a halt.

Simpler way:
"man iptables" and edit /etc/sysconfig/iptables suitably and restart service.

In both cases take a backup of /etc/sysconfig/iptables before
attempting. This way you can always copy back and come back to status
quo.

-
Also, be very sure you aren't doing this from SSH, or if you are, be sure you allow inbound SSH (port 22) BEFORE anything else! I've made the mistake twice now (in the course of about five years) of doing "iptables -P INPUT DROP" before first doing "iptables -I INPUT -p tcp --dport 22 -j ACCEPT" - once the computer was right next to me, but the other time required driving to another location to get at the physical console.

Funny, yes, but only in retrospect.

Cheers,
Mike
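
A pre-flight check for an edited /etc/sysconfig/iptables, added here as an example and not part of any message in this thread: it refuses a ruleset that would drop SSH, cut off the eth0 LTSP side, or leave eth1 open, and takes the backup before installing. It assumes the rules sit directly in one chain (INPUT unless a second argument names another); `lint_rules`, `stage_rules`, `sample_rules` and the `.bak` suffix are hypothetical names.

```shell
# Added example: lint an iptables-save format file (e.g. /etc/sysconfig/iptables)
# before loading it. Assumes eth0 = LTSP side, eth1 = untrusted side.
# lint_rules FILE [CHAIN]: print findings, return 0 only when there are none.
lint_rules() {
    awk -v chain="${2:-INPUT}" '
    $1 == ":INPUT" && $2 == "DROP" { deny = 1 }           # default-deny policy
    $1 == "-A" && $2 == chain && !closed {
        # an unconditional DROP/REJECT makes every later rule unreachable
        if ($0 ~ /^-A [^ ]+ -j (DROP|REJECT)/) { closed = deny = 1; next }
        if ($0 !~ /-j ACCEPT/) next
        if ($0 ~ /-i eth0 -j ACCEPT/) trusted = 1
        if ($0 ~ /-p tcp/ && $0 ~ /--dport 22( |$)/) ssh = 1
        if ($0 ~ /-p tcp/ && $0 ~ /--dport 80( |$)/ && $0 !~ /-i eth0/) http = 1
    }
    END {
        if (!deny)    { print "no DROP policy or catch-all: eth1 is not restricted"; bad = 1 }
        if (!ssh)     { print "no ACCEPT for tcp/22: default-deny would lock out SSH"; bad = 1 }
        if (!trusted) { print "eth0 not trusted: LTSP clients would be cut off"; bad = 1 }
        if (!http)    { print "no ACCEPT for tcp/80 that applies to eth1"; bad = 1 }
        exit bad + 0
    }' "$1"
}

# stage_rules NEW LIVE: lint NEW, back up LIVE as LIVE.bak, then install NEW.
stage_rules() {
    lint_rules "$1" || return 1
    cp -p "$2" "$2.bak" && cp "$1" "$2"
}

# Constructed sample ruleset, not taken from the thread.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

# Demo on the sample: the full file passes, the same file without SSH fails.
demo=$(mktemp -d)
sample_rules > "$demo/good"
sample_rules | grep -v 'dport 22' > "$demo/nossh"
lint_rules "$demo/good" && echo "good: safe to load"
lint_rules "$demo/nossh" || echo "nossh: refused"
```

Once `stage_rules` returns 0, "service iptables restart" loads the new file; copying the `.bak` file back restores the previous rules.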

