[rhn-users] iptables question

Ted Pennings ted at hostleft.com
Fri Feb 25 08:03:45 UTC 2005


Add the DROP rule first, then the two exception ALLOW rules. Newly 
added rules take precedence over older ones. /sbin/iptables -L -v will 
demonstrate this. BTW: your DROP rule needs -p tcp on it.

# /sbin/iptables -A INPUT -p tcp --dport ssh -j DROP
# /sbin/iptables -A INPUT -s 1.1.1.1 -p tcp --dport ssh -j ACCEPT
# /sbin/iptables -A INPUT -s 2.2.2.2 -p tcp --dport ssh -j ACCEPT

Then don't forget to save (commit) the iptables rules after verifying 
that this is what you want. The changes to iptables become effective 
immediately. If you don't save, iptables starts with the last save 
on server reboot. This is useful to remember if you lock yourself out 
of a remote box :D

# /sbin/service iptables save

**NOTICE: DO NOT DO THIS OVER SSH** I tried to test it with a box in 
the other room over SSH, and promptly locked myself out after the first 
rule went into effect. (Server reboot fixed the problem.)

-Ted

---------------------------------------------------
Host Left Web Hosting		http://www.hostleft.com
Ted Pennings (.com)	  http://www.tedpennings.com
Mobile Phone:						1.951.640.4092
AOL Instant Messenger:				thesleepyvegan
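
Editor's added example (not part of Ted's post, and it never touches a real firewall): the kernel walks an iptables chain top to bottom and stops at the first matching rule, so what decides whether an SSH packet from 1.1.1.1 is accepted or dropped is where the ACCEPT rules sit relative to the DROP. `iptables -A` appends a rule at the bottom of the chain, `iptables -I` inserts it at the top, and `/sbin/iptables -L INPUT -n -v --line-numbers` shows the resulting order before you save. The script below models that first-match walk over a constructed rule list: `build_chain` turns a list of A/I commands into a chain, and `verdict` returns the target of the first rule that matches a packet (source, protocol, destination port), falling back to an assumed chain policy of ACCEPT. The packets and the 1.1.1.1/2.2.2.2 hosts are constructed sample values taken from the post.

```shell
#!/bin/sh
# Added example, not from the original post: a small first-match evaluator that
# walks a rule list the way the kernel walks an iptables chain (top to bottom,
# stop at the first matching rule). Rule order decides the verdict:
# "-A" appends a rule at the bottom of the chain, "-I" inserts it at the top.
# Nothing here touches the real firewall, so it is safe to run anywhere.

NL='
'

# build_chain "<command lines>" -> prints the resulting chain, top to bottom.
# Each command line is: "A|I <src|any> <proto|any> <dport|any> <target>"
# A appends at the bottom (like iptables -A), I inserts at the top (like iptables -I).
build_chain() {
  chain=''
  while read -r op rest; do
    [ -z "$op" ] && continue
    case $op in
      A) chain="${chain}${chain:+$NL}${rest}" ;;
      I) chain="${rest}${chain:+$NL}${chain}" ;;
      *) printf 'unknown op: %s\n' "$op" >&2; return 1 ;;
    esac
  done <<EOF
$1
EOF
  printf '%s\n' "$chain"
}

# verdict "<chain>" <src> <proto> <dport> [policy] -> prints the target of the
# first matching rule, or the chain policy (assumed ACCEPT) when nothing matches.
verdict() {
  src=$2; proto=$3; dport=$4; result=${5:-ACCEPT}
  while read -r rsrc rproto rport target; do
    [ -z "$target" ] && continue
    if { [ "$rsrc" = any ] || [ "$rsrc" = "$src" ]; } &&
       { [ "$rproto" = any ] || [ "$rproto" = "$proto" ]; } &&
       { [ "$rport" = any ] || [ "$rport" = "$dport" ]; }; then
      result=$target
      break
    fi
  done <<EOF
$1
EOF
  printf '%s\n' "$result"
}

# The three commands from the post, all appended with -A (the DROP lands on top):
CMDS_APPEND='A any tcp 22 DROP
A 1.1.1.1 tcp 22 ACCEPT
A 2.2.2.2 tcp 22 ACCEPT'

# Same three rules, but the two ACCEPTs inserted with -I so they sit above the DROP:
CMDS_INSERT='A any tcp 22 DROP
I 1.1.1.1 tcp 22 ACCEPT
I 2.2.2.2 tcp 22 ACCEPT'

# Constructed sample packets: SSH from an allowed host, SSH from a stranger, and HTTP.
for cmds in "$CMDS_APPEND" "$CMDS_INSERT"; do
  chain=$(build_chain "$cmds")
  printf 'chain (top to bottom):\n%s\n' "$chain"
  printf 'ssh from 1.1.1.1 : %s\n' "$(verdict "$chain" 1.1.1.1 tcp 22)"
  printf 'ssh from 9.9.9.9 : %s\n' "$(verdict "$chain" 9.9.9.9 tcp 22)"
  printf 'http from 9.9.9.9: %s\n\n' "$(verdict "$chain" 9.9.9.9 tcp 80)"
done
```

Running it prints both chains and the verdict each one gives the same three packets, which is the check worth doing (against the real chain, with `-L INPUT -n -v --line-numbers`) before `service iptables save` commits the order to disk. When the box is remote, keep a second session open or have a way to restore the saved rules automatically, so a rule that lands in the wrong place does not cost you the connection.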
