
Re: iptables rules



On Mon, Mar 29, 2010 at 11:03 PM, <m roth 5-cent us> wrote:

> >> I've got a server with several ip's on eth0. I want to block all traffic
> >> *except* to port 80 on them, but not on any other IPs, so that
> >> eth0 is www.xxx.yyy.zzz
> >> eth0:1 is www.xxx.yyy.ggg
> >> eth0:2 is www.xxx.yyy.hhh
> >
> > How about:
> >
> > -A RH-Firewall-1-INPUT -d www.xxx.yyy.ggg -p tcp -m tcp --dport 80 -j ACCEPT
> > -A RH-Firewall-1-INPUT -d www.xxx.yyy.ggg -j DROP
> > -A RH-Firewall-1-INPUT -d www.xxx.yyy.hhh -p tcp -m tcp --dport 80 -j ACCEPT
> > -A RH-Firewall-1-INPUT -d www.xxx.yyy.hhh -j DROP
> >
> > .. I don't follow which ones are supposed to allow other traffic and
> > which ones aren't .. but this syntax should work for the allow port 80
> > only portion.
>
> Yeah, I thought of that set, also, and the other was my manager's
> suggestion. I've tried that, also, and still no joy.
>
> *grump* (not you, just iptables....)
>
>         mark
>
>
Hi Mark,
   iptables is cool :) First of all, make sure that the loaded rules match
your iptables file and that no NAT rule is involved which might have already
changed the destination address. It would be better if you sent the
following output:

iptables -L -n -v
iptables -t nat -L -n -v


Genco.
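As an added illustration (not part of the thread, and not anyone's posted rules), here is a small first-match simulator for a rule set shaped like the one suggested above, plus the nat PREROUTING step Genco's reply warns about. The addresses are constructed documentation IPs (192.0.2.10 for eth0, 192.0.2.11 for eth0:1, 192.0.2.12 for eth0:2), the chain name follows the thread, and an ACCEPT policy for anything the listed rules do not match is assumed so the "other IPs stay open" requirement can be checked. It shows three things a practitioner would want to confirm offline: the ACCEPT-then-DROP pair does restrict an alias to port 80, an untouched address stays open, and a DNAT rule that rewrites the destination before filter INPUT runs can make the same packet hit a DROP the INPUT rules alone would never explain.

```python
# Added example (not from the thread): a minimal first-match simulator for
# iptables-save style rules. Addresses are constructed RFC 5737 documentation
# IPs; the "ACCEPT when nothing matches" policy is an assumption.

def parse_rule(line):
    """Parse one iptables-save style rule into match fields plus a target.

    Handles the options used in the thread (-A, -d, -p, -m, --dport, -j) and
    --to-destination for nat DNAT rules. Every option takes one argument.
    """
    tok = line.split()
    rule = {"chain": None, "dst": None, "proto": None, "dport": None,
            "target": None, "to_dst": None, "to_port": None}
    i = 0
    while i < len(tok):
        t, arg = tok[i], tok[i + 1] if i + 1 < len(tok) else None
        if t == "-A":
            rule["chain"] = arg
        elif t == "-d":
            rule["dst"] = arg
        elif t == "-p":
            rule["proto"] = arg
        elif t == "-m":
            pass  # match-extension name ("-m tcp"); no effect on matching here
        elif t == "--dport":
            rule["dport"] = int(arg)
        elif t == "-j":
            rule["target"] = arg
        elif t == "--to-destination":
            host, _, port = arg.partition(":")
            rule["to_dst"] = host
            rule["to_port"] = int(port) if port else None
        else:
            raise ValueError(f"unsupported token {t!r} in {line!r}")
        i += 2
    return rule

def matches(rule, pkt):
    """True when every match field the rule specifies agrees with the packet."""
    return ((rule["dst"] is None or rule["dst"] == pkt["dst"]) and
            (rule["proto"] is None or rule["proto"] == pkt["proto"]) and
            (rule["dport"] is None or rule["dport"] == pkt["dport"]))

def run_chain(rules, pkt, policy="ACCEPT"):
    """First-match semantics: the first matching rule decides; otherwise
    the chain policy (assumed ACCEPT here) applies."""
    for r in rules:
        if matches(r, pkt):
            return r["target"]
    return policy

def verdict(pkt, filter_rules, nat_rules=()):
    """nat PREROUTING runs before filter INPUT, so a DNAT rewrites the
    destination (and possibly the port) that the INPUT rules get to see."""
    pkt = dict(pkt)
    for r in nat_rules:
        if r["target"] == "DNAT" and matches(r, pkt):
            pkt["dst"] = r["to_dst"]
            if r["to_port"] is not None:
                pkt["dport"] = r["to_port"]
            break
    return run_chain(filter_rules, pkt)

# Constructed rule set in the shape of the suggestion in the thread:
# port 80 only on the two aliases, everything else to those two dropped.
FILTER = [parse_rule(l) for l in """
-A RH-Firewall-1-INPUT -d 192.0.2.11 -p tcp -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -d 192.0.2.11 -j DROP
-A RH-Firewall-1-INPUT -d 192.0.2.12 -p tcp -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -d 192.0.2.12 -j DROP
""".strip().splitlines()]

# Constructed DNAT rule: web traffic to the primary address is redirected to
# port 8080 on the first alias before filter INPUT ever sees it.
NAT = [parse_rule("-A PREROUTING -d 192.0.2.10 -p tcp -m tcp --dport 80 "
                  "-j DNAT --to-destination 192.0.2.11:8080")]

def check_policy():
    """Verdicts worth comparing side by side (keys are labels, not targets)."""
    web_alias = {"dst": "192.0.2.11", "proto": "tcp", "dport": 80}
    ssh_alias = {"dst": "192.0.2.11", "proto": "tcp", "dport": 22}
    ssh_primary = {"dst": "192.0.2.10", "proto": "tcp", "dport": 22}
    web_primary = {"dst": "192.0.2.10", "proto": "tcp", "dport": 80}
    return {
        "web_on_alias": verdict(web_alias, FILTER),              # ACCEPT
        "ssh_on_alias": verdict(ssh_alias, FILTER),              # DROP
        "ssh_on_primary": verdict(ssh_primary, FILTER),          # ACCEPT
        "web_on_primary": verdict(web_primary, FILTER),          # ACCEPT
        "web_on_primary_with_dnat": verdict(web_primary, FILTER, NAT),  # DROP
    }

def check_order():
    """Swap the ACCEPT/DROP pair for one alias: with first-match semantics
    the blanket DROP now shadows the port-80 ACCEPT."""
    swapped = [FILTER[1], FILTER[0]] + FILTER[2:]
    return run_chain(swapped, {"dst": "192.0.2.11", "proto": "tcp", "dport": 80})

if __name__ == "__main__":
    for label, target in check_policy().items():
        print(f"{label:26} -> {target}")
    print(f"{'web_on_alias (swapped)':26} -> {check_order()}")
```

The last case is the one to look for in the real `iptables -t nat -L -n -v` output: the INPUT rules are correct, yet a packet to the primary address is dropped because the nat table already moved it onto an alias and a port the ACCEPT rule does not cover. The swapped-order check is the other classic cause of "no joy" with a rule pair like this.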

