IPTABLES doesn't work
Michael Kearey
mutk at iprimus.com.au
Fri Jan 30 02:41:42 UTC 2004
smoothmilk wrote:
> Why doesn't redhat-config-securitylevel's iptables rules work?
>
> If I turn off EVERYTHING (www, ftp, ssh, etc) and save, and even
> manually restart iptables (# /sbin/service iptables restart) other
> computers on my network can access www (even on weird, non-standard
> ports with http servers on them) ftp, ssh, etc.

This is where it gets a little odd for me. 'Other computers on my
network can access www'. What are these other computers? Unless they
gain access to the Internet *through* your Fedora machine, the Fedora
machine's firewall has NOTHING to do with those machines.

The current redhat-config-securitylevel tool works on rules that
control access to services running on the Fedora box, and cannot
influence any other machine attached to the same network accessing
other machines on that network.

>
> So what's the point of even including that tool if it doesn't do
> anything? I don't understand how it just flat out doesn't work. I have no
> idea how iptables works, and because there's no documentation out there
> for beginners who just want a script that's for eth0 with a simple www,
> ssh and ftp server(s), I'm stuck using rh's tools, which don't do
> anything. There's no security here.

I can help. I suggest you go and seek the most basic understanding of
the nature of tcp/ip and ethernet networks, and have a good think
about it.

The redhat-config-securitylevel tool does pretty much exactly what it
is designed to do - set up iptables rules to assist in controlling
access to services running on the host machine.

Cheers,
Michael