IPTables to restrict an IP address to certain ports

Robert Spangler bms at zoominternet.net
Fri Mar 18 22:44:39 UTC 2005


On Friday 18 March 2005 11:52, David Hoffman wrote:

>  > I want to restrict, in IPTables, so that computer A can print on
>  > computer B but can only file share and print.
>
>  Then you don't want computer A to even have access to the internet,
>  the only network connectivity it will have is to do file and printer
>  sharing.
>
>  I would include the three rules that I showed you earlier. If you want
>  to be more precise, and only allow computer A to print and share files
>  with computer B, but no other computers, then change the rules a
>  little.
>
>  Rule 1: ALLOW traffic from computer A with destination of computer B
>  and with destination ports of 137:139
>  Rule 2: ALLOW traffic from computer A with destination of computer B
>  and with destination ports of 445
>  Rule 3: DENY or REJECT all other traffic from computer A with ANY
>  destination

2 rules:

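# multiport needs -p tcp or -p udp; repeat this rule with -p udp for the UDP ports
iptables -A INPUT -i <interface> -p tcp -m multiport --destination-ports 137,139,445 -j ACCEPT
iptables -A INPUT -i <interface> -j <DROP/REJECT>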

Add source and destination addresses as needed


-- 

Regards
Robert

Smile... it increases your face value!
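
The three quoted rules with the source and destination addresses filled in, as an added example that is not part of the original message: it prints the rule set for review instead of applying it. The function names, the 192.0.2.x addresses (constructed documentation values) and the UDP/TCP split of the NetBIOS ports are assumptions of this example.

```shell
#!/bin/sh
# Added example: prints (does not apply) the rules so they can be reviewed.
# The addresses used at the bottom are constructed documentation values.

# valid_ipv4 ADDR: succeed only for a dotted quad with each octet 0-255,
# so nothing but an address can end up inside a generated command line.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|'') return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# smb_rules HOST_A HOST_B [CHAIN]: emit the rules in evaluation order.
# CHAIN is INPUT when the firewall runs on computer B itself, FORWARD
# when it runs on a router between the two machines.
smb_rules() {
    a=$1 b=$2 chain=${3:-INPUT}
    valid_ipv4 "$a" && valid_ipv4 "$b" || { echo "bad address" >&2; return 2; }
    case "$chain" in
        INPUT|FORWARD) ;;
        *) echo "bad chain" >&2; return 2 ;;
    esac
    # NetBIOS name (137) and datagram (138) services run over UDP
    echo "iptables -A $chain -s $a -d $b -p udp -m multiport --dports 137,138 -j ACCEPT"
    # NetBIOS session (139) and SMB over TCP (445)
    echo "iptables -A $chain -s $a -d $b -p tcp -m multiport --dports 139,445 -j ACCEPT"
    # Rule 3: everything else from computer A, whatever the destination
    echo "iptables -A $chain -s $a -j REJECT"
}

smb_rules 192.0.2.10 192.0.2.20
```

Rule order matters: the REJECT line must stay last, because iptables stops at the first matching rule in the chain.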
