iptables

Patrick Derwael pderwael at webandco.be
Fri Sep 15 13:56:53 UTC 2006


Peter,
Thank you for the hint (/32)
I've added my DNS & GW, and I can connect from anywhere within the allowed
range; I can also get out to the Net, but...

This setup prevents any returning packet from the Net from getting in...

I presume this is related to the connection state, but I don't have a clue
about how to set this up properly.

My script is the following:

# Start from a clean situation
iptables -F
# Authorised range
iptables -A INPUT -s 127.0.0.1/32 -j ACCEPT
iptables -A INPUT -s 111.222.333.211/32 -j ACCEPT
iptables -A INPUT -s 111.222.333.212/32 -j ACCEPT
iptables -A INPUT -s 111.222.333.213/32 -j ACCEPT
iptables -A INPUT -s 111.222.333.214/32 -j ACCEPT
iptables -A INPUT -s 111.222.333.215/32 -j ACCEPT
iptables -A INPUT -s 111.222.333.216/32 -j ACCEPT
iptables -A INPUT -s 111.222.333.217/32 -j ACCEPT
iptables -A INPUT -s 111.222.333.218/32 -j ACCEPT
iptables -A INPUT -s 111.222.333.219/32 -j ACCEPT
# DNS1-DNS2
iptables -A INPUT -s 111.222.333.131/32 -j ACCEPT
iptables -A INPUT -s 111.222.333.141/32 -j ACCEPT
# Gateway
iptables -A INPUT -s 111.222.333.254/32 -j ACCEPT
# Drop all the rest (.219 is already accepted above, so this matches every remaining packet)
iptables -A INPUT -s ! 111.222.333.219/32 -j DROP
# List the result (plain -L resolves addresses to names; -n skips the DNS lookups)
iptables -L
#
On Fri, September 15, 2006 2:30 pm, Chiu, PCM (Peter) said:
> I would suggest
>
> iptables -F
> iptables -A INPUT -s x.y.z.211/32 -j ACCEPT
> iptables -A INPUT -s x.y.z.212/32 -j ACCEPT
> ....
> iptables -A INPUT -s ! x.y.z.219/32 -j DROP
>
> You may also need to include your own default router and DNS server in
> the accept list,
> otherwise you won't get out.
>
> Peter
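An added example, not Patrick's script and not from anyone on the thread: a stateful version of the same ruleset. Every rule in the posted script matches on source address only, so a reply from a web or mail server that is not in the list hits the final DROP. The missing piece is a connection-tracking rule that accepts ESTABLISHED and RELATED traffic before the address checks; once that is in place, answers from the DNS servers and packets from the gateway come back in as replies, so the address-based ACCEPT rules for them are no longer needed. The 111.222.333.x addresses are the anonymised placeholders from the post, "-m state" is the match of that era (current iptables also spells it "-m conntrack --ctstate"), and the IPT variable is my own convention: by default the script only prints the commands so they can be reviewed, and IPT=iptables run as root applies them.

```shell
#!/bin/sh
# Added example: a stateful rewrite of the ruleset from the post. Not the
# poster's script. The 111.222.333.x addresses are the thread's anonymised
# placeholders; substitute real ones. With IPT unset the script only prints
# the iptables commands; run as root with IPT=iptables to apply them.
IPT=${IPT:-"echo iptables"}

# Hosts allowed to open new connections to this box (the "authorised range").
ALLOWED_HOSTS="111.222.333.211 111.222.333.212 111.222.333.213 111.222.333.214
111.222.333.215 111.222.333.216 111.222.333.217 111.222.333.218 111.222.333.219"

build_rules() {
    # -F flushes the rules but leaves the chain policy untouched, so set the
    # policy explicitly: anything no rule accepts is dropped.
    $IPT -F INPUT
    $IPT -P INPUT DROP

    # Loopback: match the interface rather than "-s 127.0.0.1", which only
    # looks at the source address and can be spoofed by a remote sender.
    $IPT -A INPUT -i lo -j ACCEPT

    # The rule the original script lacks. Connection tracking remembers the
    # connections this host started and lets their replies (ESTABLISHED) and
    # associated traffic such as ICMP errors (RELATED) back in, whatever the
    # source address. That covers DNS answers and anything from the gateway,
    # so those no longer need address-based ACCEPT rules.
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Packets conntrack cannot classify (bogus TCP flag combinations, replies
    # to nothing) are dropped before the per-host rules could accept them.
    $IPT -A INPUT -m state --state INVALID -j DROP

    # Only the authorised hosts may open NEW connections. The original's
    # trailing "-s ! .219 -j DROP" is replaced by the DROP policy above.
    for host in $ALLOWED_HOSTS; do
        $IPT -A INPUT -s "$host/32" -m state --state NEW -j ACCEPT
    done

    # -n skips reverse DNS lookups; plain "iptables -L" tries to resolve every
    # address and stalls while DNS replies are being dropped.
    $IPT -L INPUT -n -v
}

build_rules
```

Apply it from the console rather than over SSH the first time: the DROP policy takes effect a moment before the ESTABLISHED rule is added, and a mistake anywhere in the list locks the remote session out.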