Use iptables to accept packets from IP

Adalbert Prokop adalbert.prokop at gmx.de
Thu Aug 9 19:39:18 UTC 2007


tony.chamberlain at lemko.com wrote on Thursday 09 August 2007:

> I read a bit about how you can drop packets with iptables.
> I was wondering whether you could do just the opposite,
> use iptables to specify only the IPs you will accept from?

Of course you can.

iptables -P INPUT DROP
iptables -A INPUT -s <trusted_ip_here> -j ACCEPT

This scenario (accepting only specific IP packets) is more secure but also 
more difficult to set up. The above example sets the default policy for 
incoming IP packets to DROP, unless you define a rule (in this example 
the second one) which allows them in.

Read this: 
http://www.netfilter.org/documentation/HOWTO/packet-filtering-HOWTO.html

> We can't use firewalls, and I don't understand selinux well enough
> to know if it will do what we want. we can't really use VPN either.

I suppose you are mixing things up.

A firewall is a dedicated computer which filters packets between the 
internet and the local net. Some people call a packet filter 
a "firewall".
SELinux is a security patch for the Linux kernel whose main purpose is to 
restrict applications' privileges beyond the simple owner/group/other 
scheme.
VPN stands for Virtual Private Network and refers to a secure tunnel 
between two (trusted) local nets over the internet. There are several 
implementations of it, e.g. OpenVPN, IPsec, SSH IP tunneling...

All three terms are related but independent.

-- 
Bye,
Adalbert

A right is not what someone gives you; it's what no one can take from 
you. -- Ramsey Clark
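An added example (not from the post above): a small POSIX sh script that builds the "default DROP, accept only trusted sources" INPUT ruleset as reviewable output, in an order that does not cut off a remote admin session, and with the loopback and established-connection rules a default-DROP policy needs in practice. The function names (is_ipv4, allowlist_rules, rule_count) and the addresses are constructed for this example.

```shell
#!/bin/sh
# Added example: print an iptables INPUT allowlist instead of applying it.
# Review the output, then run it as root (e.g. allowlist_rules ... | sh).
# Function names and sample addresses are constructed for this example.

# is_ipv4 ADDR[/PREFIX]: return 0 if ADDR is a plausible IPv4 address, else 1
is_ipv4() {
    case "$1" in *[!0-9./]*|""|.*|*.|*/*/*) return 1 ;; esac
    case "$1" in */*)
        p=${1#*/}
        [ "$p" -ge 0 ] 2>/dev/null && [ "$p" -le 32 ] || return 1 ;;
    esac
    ip=${1%%/*}
    oldifs=$IFS; IFS=.
    set -- $ip              # split the dotted quad into positional args
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "$o" -ge 0 ] 2>/dev/null && [ "$o" -le 255 ] || return 1
    done
    return 0
}

# allowlist_rules TRUSTED_ADDR...: print the commands, one per line
allowlist_rules() {
    [ $# -gt 0 ] || { echo "no trusted addresses given" >&2; return 1; }
    for a in "$@"; do
        is_ipv4 "$a" || { echo "rejecting bad address: $a" >&2; return 1; }
    done
    # Open the chain before flushing so re-running this never locks you out.
    echo "iptables -P INPUT ACCEPT"
    echo "iptables -F INPUT"
    # Loopback and replies to connections this host opened must stay allowed,
    # otherwise a default DROP breaks DNS lookups, updates and the like.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for a in "$@"; do
        echo "iptables -A INPUT -s $a -j ACCEPT"
    done
    # The policy comes last, after the ACCEPT rules are in place.
    echo "iptables -P INPUT DROP"
}

# rule_count TRUSTED_ADDR...: number of commands the ruleset consists of
rule_count() { allowlist_rules "$@" | wc -l | tr -d ' '; }
```

Running `allowlist_rules 192.0.2.10 203.0.113.0/24` prints seven commands ending in `iptables -P INPUT DROP`; a malformed address makes it print nothing and fail instead.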




More information about the fedora-list mailing list