Re: Enable Firewall, But Allow Specific Inbound Connections
- From: Angelo Machils <angelus sangreal demon nl>
- To: fedora-list redhat com
- Subject: Re: Enable Firewall, But Allow Specific Inbound Connections
- Date: Tue, 01 Feb 2005 10:34:28 +0100
now suppose I independently add a rule like this:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -s 192.168.1.0/24 -j ACCEPT
the rule will be added to the bottom of the RH-Firewall-1-INPUT chain,
right after that REJECT. So a datagram for port 3306 will traverse the
chain, hit the REJECT, and get blown away without ever being inspected
by the new rule appearing after the REJECT.
Am I on the right track here?
Thanks
Bob Cochran
Hi there, don't know if anyone gave this tip yet, but make a crontab
when messing with iptables which shuts down iptables after let's say 10
minutes (or enough time for you to test the new tables), so in case you
get yourself locked out of the machine, you will have access again after
the job runs. Yeah, experience :)
Regards, Angelo
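
The rule-ordering point in the quoted question, as an added example that is not part of either message: a shell function that places a new rule ahead of the chain's REJECT in iptables-save-style text. The sample rule set and the function names are constructed for illustration, and nothing here calls iptables.

```shell
#!/bin/sh
# Added example: works on rule text only and never calls iptables.

# Constructed sample in iptables-save syntax (not taken from the thread).
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# insert_before_reject CHAIN RULE (hypothetical helper)
# Reads rules on stdin and writes them to stdout with RULE placed just before
# the first REJECT of CHAIN in the filter table. If the chain has no REJECT,
# RULE goes before the filter table's COMMIT, i.e. at the end of the chain.
insert_before_reject() {
    awk -v chain="$1" -v rule="$2" '
        /^\*/ { in_filter = ($0 == "*filter") }
        in_filter && !done && $1 == "-A" && $2 == chain && / -j REJECT( |$)/ {
            print rule; done = 1
        }
        in_filter && !done && $0 == "COMMIT" { print rule; done = 1 }
        { print }
    '
}

# first_line TEXT: line number of the first stdin line containing TEXT.
first_line() {
    grep -nF -- "$1" | head -n 1 | cut -d: -f1
}

# The rule from the message, joined onto one line.
MYSQL_RULE='-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -s 192.168.1.0/24 -j ACCEPT'

sample_rules | insert_before_reject RH-Firewall-1-INPUT "$MYSQL_RULE"
```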