[lug] IP Tables
Ben Whaley
bwhaley at gmail.com
Fri Sep 21 21:44:17 MDT 2007
Try putting them in /etc/sysconfig/iptables (just the rules, not the command).
- Ben
On 9/21/07, karl horlen <horlenkarl at yahoo.com> wrote:
> > iptables -A INPUT -i lo -j ACCEPT
> > iptables -A INPUT -m state --state
> > ESTABLISHED,RELATED -j ACCEPT
> > iptables -A INPUT -m state --state NEW -m tcp -p tcp
> > --dport 80 -j ACCEPT
> > iptables -A INPUT -m state --state NEW -m tcp -p tcp
> > --dport 22 -s 111.222.333.444 -j ACCEPT
> > iptables -A INPUT -m state --state NEW -m tcp -p tcp
> > --dport 22 -j LOG
> > iptables -A INPUT -j REJECT --reject-with
> > icmp-host-prohibited
> >
> > Fill in 111.222.333.444 with your ssh allowed ip.
> >
> > Not tested, YMMV.
> that seems pretty straightforward. some of the other
> variations i've seen online usually start out with 3
> default policies that reject everything on the various
> chains to do an initial lockdown. and then open it
> back up with ACCEPT rules.
>
> would you happen to know the best way to make the
> rules permanent on boot in RH?
>
> thanks kevin
>
>
> ____________________________________________________________________________________
> Shape Yahoo! in your own image. Join our Network Research Panel today! http://surveylink.yahoo.com/gmrs/yahoo_panel_invite.asp?a=7
>
>
> _______________________________________________
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
>
More information about the LUG
mailing list