[K12OSN] Allow only HTTP requests
Mike Ely
mely at rogueriver.k12.or.us
Tue Dec 13 04:38:43 UTC 2005
Sudev Barar wrote:
> On 12/13/05, Brad Thomas <bthomas at psysolutions.com> wrote:
>> Is there a setting that I can make to only allow HTTP requests on ETH1
>> and block any other type of requests?
>>
>
>
> Easy way:
> If you are using stock k12ltsp as root from a terminal give command
> "setup" Choose menu firewall>customize Set eth1 as non trusted device
> (default) and then set allow http Save before quitting. The command
> "service iptables restart" should do the trick. Caution assuming eth0
> is ltsp network device always set this as trusted device otherwise
> ltsp network will also come to halt.
>
> Simpler way:
> "man iptables" and edit /etc/sysconfig/iptables suitably and restart service.
>
> In both cases take backup of /etc/sysconfig/iptables before
> attempting. This way you can always copy back and come back to status
> quo.
>
> -
Also, be very sure you aren't doing this from SSH, or if you are, be
sure you allow inbound SSH (port 22) BEFORE anything else! I've made
the mistake twice now (in the course of about five years) of doing
"iptables -P INPUT DROP" before first doing "iptables -I INPUT -p tcp
--dport 22 -j ACCEPT" - once the computer was right next to me, but the
other time required driving to another location to get at the physical
console.
Funny, yes, but only in retrospect.
Cheers,
Mike
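
A pre-flight check for the lockout described above, as an added example that is not part of the original post: it refuses to install a ruleset in /etc/sysconfig/iptables format unless inbound SSH is still accepted, and keeps the backup the quoted message recommends. The function names and the sample rulesets are assumptions constructed for illustration.

```shell
#!/bin/sh
# ssh_safe FILE [PORT]: succeed only if the iptables-save style ruleset in FILE
# (the format of /etc/sysconfig/iptables) still accepts inbound TCP to PORT.
# Walks the filter table INPUT chain in order, first match wins. Narrow on
# purpose: jumps to user-defined chains are not followed, and any ACCEPT for
# the port counts even if it is limited to one interface or source.
ssh_safe() {
    awk -v port="${2:-22}" '
        /^\*/ { in_filter = ($1 == "*filter"); next }
        !in_filter { next }
        $1 == ":INPUT" { policy = $2; next }
        $1 == "-A" && $2 == "INPUT" {
            if ($0 ~ /-p tcp/ && $0 ~ ("--dport " port "( |$)") && $0 ~ /-j ACCEPT/) { decided = 1; ok = 1; exit }
            if ($3 == "-j" && ($4 == "DROP" || $4 == "REJECT")) { decided = 1; ok = 0; exit }
        }
        # No explicit verdict: the chain policy decides (unknown policy fails closed)
        END { if (!decided) ok = (policy == "ACCEPT"); exit (ok ? 0 : 1) }
    ' "$1"
}

# install_ruleset NEW LIVE: keep a backup of LIVE, then replace it with NEW,
# but only when NEW passes ssh_safe. LIVE would be /etc/sysconfig/iptables.
install_ruleset() {
    ssh_safe "$1" || { echo "refusing $1: inbound SSH would be blocked" >&2; return 1; }
    if [ -f "$2" ]; then cp -p "$2" "$2.bak"; fi
    cp "$1" "$2"
}

# Constructed sample: the mistake from the post (policy DROP, HTTP only, no SSH rule)
sample_locked_out() {
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' '-A INPUT -i eth1 -p tcp --dport 80 -j ACCEPT' 'COMMIT'
}

# Constructed sample: same ruleset with the SSH ACCEPT in place first
sample_safe() {
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -p tcp --dport 22 -j ACCEPT' '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -i eth1 -p tcp --dport 80 -j ACCEPT' 'COMMIT'
}
```

Once install_ruleset has succeeded against the real file, "service iptables restart" loads it, as in the quoted instructions.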