IPTables to restrict an IP address to certain ports
Robert Spangler
bms at zoominternet.net
Fri Mar 18 22:44:39 UTC 2005
On Friday 18 March 2005 11:52, David Hoffman wrote:
> > I want to restrict, in IPTables, so that computer A can print on
> > computer B but can only file share and print.
>
> Then you don't want computer A to even have access to the internet,
> the only network connectivity it will have is to do file and printer
> sharing.
>
> I would include the three rules that I showed you earlier. If you want
> to be more precise, and only allow computer A to print and share files
> with computer B, but no other computers, then change the rules a
> little.
>
> Rule 1: ALLOW traffic from computer A with destination of computer B
> and with destination ports of 137:139
> Rule 2: ALLOW traffic from computer A with destination of computer B
> and with destination ports of 445
> Rule 3: DENY or REJECT all other traffic from computer A with ANY
> destination
2 rules:
iptables -A INPUT -i <interface> -p tcp -m multiport --destination-port 137,139,445 -j ACCEPT
iptables -A INPUT -i <interface> -j <DROP/REJECT>
Add source and destination addresses as needed
--
Regards
Robert
Smile... it increases your face value!
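
An added example, not part of the original message: a shell function that prints the three rules from the thread for computer B's INPUT chain, with the source and destination addresses filled in. The UDP rule (NetBIOS name and datagram services use UDP), the input validation, and the sample addresses and interface name are assumptions added here.

```shell
#!/bin/sh
# Prints (does not run) iptables rules for computer B's INPUT chain.
# Review the output, then run it as root on computer B.

# Succeed only for a dotted-quad IPv4 address with each octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# smb_rules SRC DST IFACE [DROP|REJECT]  (SRC = computer A, DST = computer B)
smb_rules() {
    src=$1 dst=$2 iface=$3 action=${4:-DROP}
    is_ipv4 "$src" && is_ipv4 "$dst" || { echo "bad address" >&2; return 1; }
    case "$iface" in
        ''|-*|*[!A-Za-z0-9_.:-]*) echo "bad interface" >&2; return 1 ;;
    esac
    case "$action" in
        DROP|REJECT) ;;
        *) echo "action must be DROP or REJECT" >&2; return 1 ;;
    esac
    match="-A INPUT -i $iface -s $src -d $dst"
    # Rules 1 and 2 from the thread: destination ports 137:139 and 445.
    echo "iptables $match -p tcp -m multiport --dports 137:139,445 -j ACCEPT"
    # Assumption added here: the same NetBIOS port range over UDP.
    echo "iptables $match -p udp -m multiport --dports 137:139 -j ACCEPT"
    # Rule 3: all other traffic from computer A is dropped or rejected.
    echo "iptables -A INPUT -i $iface -s $src -j $action"
}

# Constructed sample values: A = 192.168.1.10, B = 192.168.1.20, interface eth0.
smb_rules 192.168.1.10 192.168.1.20 eth0 REJECT
```

Order matters: the two ACCEPT rules must be appended before the final DROP/REJECT rule, since iptables stops at the first matching rule.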