iptables -A INPUT -s 192.168.254.0/24 -p all -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -P INPUT DROP
The first line would accept anything from any IP in the 192.168.254.0 netblock, lines 2-5 anything on port 22, 25, or 80, and the last, set it to drop everything else?
Jason Martin wrote:
I'd suggest the second option, but be sure to change the policy to DROP _after_ you've set up rules to allow you access.
-Jason Martin
On Fri, 29 Aug 2003, Andrew Gaffney wrote:
I'm trying to create a firewall using iptables. I want it to drop incoming packets except to ports 22, 25, and 80 unless the source address is 192.168.254.x. I'm asking before I do this because I'm accessing the computer remotely right now and I don't want to cut myself off from it. I'm thinking something like:
iptables -A INPUT -s 192.168.254.0/24 -p all -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p all -j DROP
-or-
iptables -P INPUT DROP
iptables -A INPUT -s 192.168.254.0/24 -p all -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
Would either of these get me the desired results?
-- [EMAIL PROTECTED] mailing list
-- Andrew Gaffney