iptables rules
Barry Brimer
lists at brimer.org
Mon Mar 29 20:56:08 UTC 2010
> I've got a server with several IPs on eth0. I want to block all traffic
> *except* to port 80 on them, but not on any other IPs, so that
> eth0 is www.xxx.yyy.zzz
> eth0:1 is www.xxx.yyy.ggg
> eth0:2 is www.xxx.yyy.hhh
How about:
-A RH-Firewall-1-INPUT -d www.xxx.yyy.ggg -p tcp -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -d www.xxx.yyy.ggg -j DROP
-A RH-Firewall-1-INPUT -d www.xxx.yyy.hhh -p tcp -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -d www.xxx.yyy.hhh -j DROP
.. I don't follow which ones are supposed to allow other traffic and which
ones aren't .. but this syntax should work for the allow port 80 only
portion.
Barry
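Added example, not part of the original post: a shell sketch that emits the same accept-then-drop rule pair for each restricted address and checks a ruleset for the ordering the pair depends on, since iptables acts on the first matching rule. The function names and the 192.0.2.x addresses are constructed for illustration; only the chain name comes from the post.

```shell
#!/bin/sh
# Chain name as used in the post.
CHAIN="RH-Firewall-1-INPUT"

# gen_rules ADDR...
# Print the rule pair for each address. The port-80 ACCEPT is emitted
# before the catch-all DROP for that destination: the first matching
# rule decides, so the reverse order would drop web traffic as well.
# Addresses that are not listed get no rule and fall through to the
# rest of the chain unchanged.
gen_rules() {
    for addr in "$@"; do
        printf '%s\n' "-A $CHAIN -d $addr -p tcp -m tcp --dport 80 -j ACCEPT"
        printf '%s\n' "-A $CHAIN -d $addr -j DROP"
    done
}

# check_order ADDR
# Read a ruleset on stdin. Succeed only if ADDR has a port-80 ACCEPT
# and a DROP, and the ACCEPT comes first.
check_order() {
    awk -v a="$1" '
        $3 == "-d" && $4 == a && /--dport 80 -j ACCEPT$/ && !acc { acc = NR }
        $3 == "-d" && $4 == a && /-j DROP$/ && !drp { drp = NR }
        END { exit !(acc && drp && acc < drp) }
    '
}

# Usage (constructed addresses from the documentation range):
#   gen_rules 192.0.2.10 192.0.2.11
#   gen_rules 192.0.2.10 | check_order 192.0.2.10 && echo "order ok"
```
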