[K12OSN] Allow only HTTP requests

Brad Thomas bthomas at psysolutions.com
Tue Dec 13 15:14:10 UTC 2005


Thanks for the help everyone.

One last question is how can I remove the VNC Viewer from the Menu for 
the users, as well as removing other items from users?

Thanks again everyone.

Mike Ely wrote:

> Sudev Barar wrote:
>
>> On 12/13/05, Brad Thomas <bthomas at psysolutions.com> wrote:
>>
>>> Is there a setting that I can make to only allow HTTP requests on ETH1
>>> and block any other type of requests?
>>>
>>
>>
>> Easy way:
>> If you are using stock k12ltsp as root from a terminal give command
>> "setup" Choose menu firewall>customize Set eth1 as non trusted device
>> (default) and then set allow http Save before quitting. The command
>> "service iptables restart" should do the trick. Caution assuming eth0
>> is ltsp network device always set this as trusted device other wise
>> ltsp network will also come to halt.
>>
>> Simpler way:
>> "man iptables" and edit /etc/sysconfig/iptables suitably and restart 
>> service.
>>
>> In both cases take backup of /etc/sysconfig/iptables before
>> attampting. This way you can alsways copy back and come back to status
>> quo.
>>
>> -
>
> Also, be very sure you aren't doing this from SSH, or if you are, be 
> sure you allow inbound SSH (port 22) BEFORE anything else!  I've made 
> the mistake twice now (in the course of about five years) of doing 
> "iptables -P INPUT DROP" before first doimg "iptables -I INPUT -p tcp 
> --dport 22 -j ACCEPT" - once the computer was right next to me, but 
> the other time required driving to another location to get at the 
> physical console.
>
> Funny, yes, but only in retrospect.
>
> Cheers,
> Mike
>
> _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>
>




More information about the K12OSN mailing list