setting port ranges via Security Level GUI?

Joel rees at ddcom.co.jp
Fri Oct 22 03:38:40 UTC 2004


On Fri, 22 Oct 2004 11:11:50 +0900
Joel <rees at ddcom.co.jp> wrote

> Can it be done?

Okay, as usually happens when I get worn out and throw a question to
the list, I went back and did another search, and found several pages
that indicate the GUI tool cannot do ranges, and it overwrites any
changes we make by hand, so we don't want to use the GUI gadget once we
get into details like port ranges.

> If not, what do most people do when opening the netBIOS ports for samba
> (those who use samba, that is)? I assume, even though it only buys a
> speedbump, most people only open the netBIOS ports to the local net.

So the answer would seem to be hand editing --

> Manual editing of /etc/sysconfig/iptables (in spite of
> system-config-securitylevel warning away from that)?
> 
> Incidentally, when adding rules from the shell, I seem to have noticed
> that you can't specify multiple protocols and multiple ports in the same
> line like
> 
>     iptables -A INPUT -p ALL -i eth0 -s 10.5.0.0/22 --destination-port 137:139 -j ACCEPT
> 
> Seems that -p All and --destination-port start:end conflict with each
> other. Am I imagining things?

Thanks for listening.

-- 
Joel <rees at ddcom.co.jp>
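
Added example, not part of the original message: iptables only accepts --destination-port on a rule that names a port-carrying protocol such as -p tcp or -p udp, so the range rule quoted above has to be written once per protocol. The sketch below flags rule lines that break this and prints the split form; the function names are hypothetical, the sample lines are constructed from the rule in the message, and only tcp and udp are treated as port-carrying.

```shell
#!/bin/sh
# Added example: lint iptables rule lines (shell commands or the
# /etc/sysconfig/iptables save format) for port matches without -p tcp/udp.

# Reads rule lines on stdin, prints "lineno: rule" for each offending line,
# and returns 1 if any line was flagged.
# Assumption: only tcp and udp count as port-carrying; extend for others.
lint_port_rules() {
    awk '
    /^[ \t]*(#|$)/ { next }    # skip comments and blank lines
    {
        has_port = 0; proto = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^--(dport|sport|destination-port|source-port)$/) has_port = 1
            if (($i == "-p" || $i == "--protocol") && i < NF) proto = tolower($(i + 1))
        }
        if (has_port && proto != "tcp" && proto != "udp") {
            print NR ": " $0
            bad = 1
        }
    }
    END { exit (bad ? 1 : 0) }'
}

# Emit one ACCEPT rule per protocol for the same interface, source and range.
# Args: interface, source CIDR, port range (start:end)
per_protocol_rules() {
    for proto in tcp udp; do
        printf '%s\n' "-A INPUT -p $proto -i $1 -s $2 --dport $3 -j ACCEPT"
    done
}

# Constructed sample: the rule from the message, then its per-protocol form.
sample_rules() {
    echo "-A INPUT -p ALL -i eth0 -s 10.5.0.0/22 --destination-port 137:139 -j ACCEPT"
    per_protocol_rules eth0 10.5.0.0/22 137:139
}

sample_rules | lint_port_rules || echo "flagged lines need -p tcp or -p udp"
```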



