Firewall setting

Manuel Arostegui Ramirez manuel at todo-linux.com
Sat Sep 8 12:13:41 UTC 2007


On Saturday, 8 September 2007 13:56, edwardspl at ita.org.mo wrote:
> Dear All,
>
> For the firewall setting, how can we use the ftp and ssh services?
>
> For file 1:
>
> #!/bin/bash
>
> modprobe ip_tables
> modprobe ip_nat_ftp
> modprobe ip_conntrack
> modprobe ip_conntrack_ftp
>
> iptables -F
> iptables -X
> iptables -F -t nat
> iptables -X -t nat
> iptables -F -t mangle
> iptables -X -t mangle
>
> iptables -P OUTPUT ACCEPT
> iptables -P FORWARD ACCEPT
> iptables -t nat -P OUTPUT ACCEPT
> iptables -t nat -P PREROUTING ACCEPT
> iptables -t nat -P POSTROUTING ACCEPT
> iptables -t mangle -P PREROUTING ACCEPT
> iptables -t mangle -P POSTROUTING ACCEPT
> iptables -t mangle -P INPUT ACCEPT
> iptables -t mangle -P OUTPUT ACCEPT
> iptables -t mangle -P FORWARD ACCEPT
>
> For file 2:
>
> iptables -P INPUT DROP
> iptables -A INPUT -i lo -j ACCEPT
> iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
> iptables -A INPUT -p tcp --dport 21 -j ACCEPT
> iptables -A INPUT -p tcp --dport 22 -j ACCEPT
>

iptables -A INPUT -p tcp -d $SERVER_IP --dport 21 -j ACCEPT
iptables -A INPUT -p tcp -d $SERVER_IP --dport 22 -j ACCEPT

Try that one.

Cheers
Manuel
-- 
Manuel Arostegui Ramirez.

Electronic Mail is not secure, may not be read every day, and should not
be used for urgent or sensitive issues.
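
The two files and the reply's destination-restricted rules, combined into one `iptables-restore` ruleset, as an added example that is not part of either message. It also accepts `RELATED` traffic, which the thread does not do: the `ip_conntrack_ftp` helper loaded in file 1 marks FTP data connections as `RELATED`, so a rule matching only `ESTABLISHED` still drops passive-mode data connections to the server. The function names and the address `192.0.2.10` are assumptions; neither file defines `SERVER_IP`.

```shell
#!/bin/sh
# Added example. Function names and the sample address are assumptions.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255, so an
# empty or malformed SERVER_IP can never be spliced into a rule.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    rest="$1."
    count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}
        rest=${rest#*.}
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
        count=$((count + 1))
    done
    [ "$count" -eq 4 ]
}

# emit_rules SERVER_IP: print the filter table in iptables-restore format.
# Policies match the thread (INPUT DROP, FORWARD and OUTPUT ACCEPT).
# RELATED admits the FTP data connections tracked by the conntrack helper;
# NEW on ports 21 and 22 admits only connection-opening packets.
emit_rules() {
    valid_ipv4 "$1" || { echo "invalid SERVER_IP: '$1'" >&2; return 1; }
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -d $1 --dport 21 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -d $1 --dport 22 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Print the ruleset when called with an address, e.g. sh rules.sh 192.0.2.10
if [ "$#" -gt 0 ]; then
    emit_rules "$1"
fi
```

Pipe the output through `iptables-restore --test` as root to parse it without committing. On recent kernels that no longer assign conntrack helpers automatically, the FTP helper must also be attached explicitly with a `CT --helper ftp` rule in the `raw` table.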



