[lug] IP Tables

karl horlen horlenkarl at yahoo.com
Fri Sep 21 21:07:39 MDT 2007


> iptables -A INPUT -i lo -j ACCEPT
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
> iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -s 111.222.333.444 -j ACCEPT
> iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j LOG
> iptables -A INPUT -j REJECT --reject-with icmp-host-prohibited
> 
> Fill in 111.222.333.444 with your ssh allowed ip. 
> 
> Not tested, YMMV. 

That seems pretty straightforward. Some of the other
variations I've seen online usually start out with 3
default policies that reject everything on the various
chains to do an initial lockdown, and then open it
back up with ACCEPT rules.

Would you happen to know the best way to make the
rules permanent on boot in RH?

Thanks Kevin
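The quoted ruleset written out in the iptables-restore format that Red Hat's init script loads from /etc/sysconfig/iptables at boot, with the default-DROP policies on the built-in chains that the reply describes as the "initial lockdown" variant. This is an added example, not code from either poster; the SSH_ALLOW variable, the 192.0.2.10 address and the log prefix are assumptions.

```shell
#!/bin/sh
# Emit an INPUT policy equivalent to the quoted one, in the file format that
# iptables-restore reads and that RH stores in /etc/sysconfig/iptables.
# Default policies are DROP on INPUT/FORWARD, so a deleted or mis-ordered ACCEPT
# rule fails closed; the explicit REJECT at the end still answers with ICMP
# instead of silently timing out, as in the quoted rules.

# Assumed variable; 192.0.2.10 is a constructed documentation address.
SSH_ALLOW="${SSH_ALLOW:-192.0.2.10}"

# Print the complete ruleset to stdout (nothing touches the kernel here).
gen_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -s $SSH_ALLOW -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j LOG --log-prefix "ssh-denied: "
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Number of -A rules in the generated set; a cheap sanity check before loading.
rule_count() {
    gen_ruleset | grep -c '^-A '
}

# Load the whole table atomically (iptables-restore swaps it in at once, so there is
# no moment with a half-built chain) and persist it where the RH iptables init
# script reads it on boot. Needs root; enable the service with "chkconfig iptables on".
apply_and_save() {
    gen_ruleset | iptables-restore
    gen_ruleset > /etc/sysconfig/iptables
    chmod 600 /etc/sysconfig/iptables
}
```

Run gen_ruleset first and read the output; apply_and_save only after the SSH allow address is the one you will actually connect from.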






