iptables rules

Sir June sir_june at yahoo.com
Wed Mar 31 03:45:03 UTC 2010


Try allowing the port and put a block on all traffic.

iptables -A INPUT -p tcp -d k.l.m.n --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -d w.x.y.z --dport 80 -j ACCEPT
iptables -A INPUT -j DROP

hth,
Sir June

----- Original Message ----
From: "m.roth at 5-cent.us" <m.roth at 5-cent.us>
To: CentOS <centos at centos.org>; redhat <redhat-list at redhat.com>
Sent: Mon, March 29, 2010 3:48:01 PM
Subject: iptables rules

I've got a server with several ip's on eth0. I want to block all traffic
*except* to port 80 on them, but not on any other IPs, so that
eth0 is www.xxx.yyy.zzz
eth0:1 is www.xxx.yyy.ggg
eth0:2 is www.xxx.yyy.hhh

I've tried
-A RH-Firewall-1-INPUT -p tcp -d www.xxx.yyy.ggg --dport ! 80 -j DROP
-A RH-Firewall-1-INPUT -p tcp -d www.xxx.yyy.hhh --dport ! 80 -j DROP

and restarted (and several variants of this). iptables-save displays

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [769:48207]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -d  www.xxx.yyy.ggg -p tcp -m tcp ! --dport 80 -j DROP
-A RH-Firewall-1-INPUT -d www.xxx.yyy.hhh -p tcp -m tcp ! --dport 80 -j DROP
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
<...>
and I notice it puts the ! in front of the --dport, but has no complaints.

However, I can telnet to www.xxx.yyy.hhh 443. What's wrong with the rules?

         mark

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
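As an added illustration that is not part of either message above: a minimal first-match evaluator, written for this page in Python, for the subset of iptables-save syntax that appears in the thread (-A, -i, -d, -p, -m, --dport with and without a leading !, -j, and chain policies). It lets you check what a ruleset does to a given packet before loading it. The addresses 192.0.2.1, .2 and .3 are constructed stand-ins for www.xxx.yyy.zzz, .ggg and .hhh; the two rulesets are transcriptions of the rules shown in the question (without the ICMP line, which the parser does not model) and in the reply. Run as written it shows that the saved rules from the question, taken alone, do drop TCP/443 to the second and third addresses, and that the reply's trailing drop-everything rule also drops traffic arriving on the loopback interface and to the first address, which the question wanted left unrestricted, so extra ACCEPT rules would have to go in front of it.

```python
"""Tiny first-match model of the iptables-save subset used in the thread.
Added example; the rulesets below are constructed transcriptions, not a capture."""
import shlex
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Packet:
    dst: str
    dport: int = 0
    proto: str = "tcp"
    iface: str = "eth0"   # eth0:1 / eth0:2 aliases are still interface eth0


@dataclass
class Rule:
    chain: str
    target: str
    dst: Optional[str] = None
    proto: Optional[str] = None
    iface: Optional[str] = None
    dport: Optional[int] = None
    dport_negated: bool = False   # True for "! --dport N"

    def matches(self, pkt: Packet) -> bool:
        if self.iface is not None and pkt.iface != self.iface:
            return False
        if self.dst is not None and pkt.dst != self.dst:
            return False
        if self.proto is not None and pkt.proto != self.proto:
            return False
        # A port test matches when (port equal) differs from (test negated).
        if self.dport is not None and (pkt.dport == self.dport) == self.dport_negated:
            return False
        return True


def parse_ruleset(text: str) -> Tuple[Dict[str, List[Rule]], Dict[str, Optional[str]]]:
    """Parse iptables-save lines into per-chain rule lists and built-in policies."""
    chains: Dict[str, List[Rule]] = {}
    policies: Dict[str, Optional[str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("*", "#")) or line == "COMMIT":
            continue
        if line.startswith(":"):                      # ":CHAIN POLICY [pkts:bytes]"
            name, policy = line[1:].split()[:2]
            policies[name] = None if policy == "-" else policy
            chains.setdefault(name, [])
            continue
        toks = shlex.split(line)
        chain = target = None
        opts: Dict[str, object] = {}
        negate = False
        i = 0
        while i < len(toks):
            t = toks[i]
            if t == "!":
                negate = True
                i += 1
                continue
            if t == "-A":
                chain = toks[i + 1]
            elif t == "-j":
                target = toks[i + 1]
            elif t == "-d":
                opts["dst"] = toks[i + 1]
            elif t == "-p":
                opts["proto"] = toks[i + 1]
            elif t == "-i":
                opts["iface"] = toks[i + 1]
            elif t == "-m":
                pass                                  # match-extension loader; no effect here
            elif t == "--dport":
                opts["dport"] = int(toks[i + 1])
                opts["dport_negated"] = negate
                negate = False
            else:
                raise ValueError(f"unsupported token {t!r} in {line!r}")
            if negate and t != "!":
                raise ValueError(f"negation only modelled for --dport: {line!r}")
            i += 2
        if chain is None or target is None:
            raise ValueError(f"malformed rule: {line!r}")
        chains.setdefault(chain, []).append(Rule(chain, target, **opts))
    return chains, policies


def verdict(chains, policies, pkt: Packet, chain: str = "INPUT") -> Optional[str]:
    """First match wins; a user chain that ends without a verdict returns to its
    caller, and a built-in chain falls back to its policy."""
    for rule in chains.get(chain, []):
        if not rule.matches(pkt):
            continue
        if rule.target in ("ACCEPT", "DROP", "REJECT"):
            return rule.target
        sub = verdict(chains, policies, pkt, rule.target)
        if sub is not None:
            return sub
    return policies.get(chain)


# Constructed from the question's iptables-save output (ICMP line omitted).
QUESTION_RULES = """
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -d  192.0.2.2 -p tcp -m tcp ! --dport 80 -j DROP
-A RH-Firewall-1-INPUT -d 192.0.2.3 -p tcp -m tcp ! --dport 80 -j DROP
COMMIT
"""

# Constructed from the three rules in the reply.
REPLY_RULES = """
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -d 192.0.2.2 --dport 80 -j ACCEPT
-A INPUT -p tcp -d 192.0.2.3 --dport 80 -j ACCEPT
-A INPUT -j DROP
COMMIT
"""

PROBES = [Packet("192.0.2.1", 443), Packet("192.0.2.3", 80),
          Packet("192.0.2.3", 443), Packet("127.0.0.1", 22, iface="lo")]


def verdicts(text: str) -> Dict[str, Optional[str]]:
    chains, policies = parse_ruleset(text)
    return {f"{p.dst}:{p.dport}": verdict(chains, policies, p) for p in PROBES}


if __name__ == "__main__":
    for name, text in (("question", QUESTION_RULES), ("reply", REPLY_RULES)):
        print(name, verdicts(text))
```

The model deliberately raises on any option it does not understand rather than skipping it, so a ruleset with `--state`, `--icmp-type` or other extensions is rejected instead of silently evaluated with part of its conditions missing.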