iptables rules

m.roth at 5-cent.us
Mon Mar 29 21:03:13 UTC 2010


>> I've got a server with several ip's on eth0. I want to block all traffic
>> *except* to port 80 on them, but not on any other IPs, so that
>> eth0 is www.xxx.yyy.zzz
>> eth0:1 is www.xxx.yyy.ggg
>> eth0:2 is www.xxx.yyy.hhh
>
> How about:
>
> -A RH-Firewall-1-INPUT -d www.xxx.yyy.ggg -p tcp -m tcp --dport 80 -j ACCEPT
> -A RH-Firewall-1-INPUT -d www.xxx.yyy.ggg -j DROP
> -A RH-Firewall-1-INPUT -d www.xxx.yyy.hhh -p tcp -m tcp --dport 80 -j ACCEPT
> -A RH-Firewall-1-INPUT -d www.xxx.yyy.hhh -j DROP
>
> .. I don't follow which ones are supposed to allow other traffic and which
> ones aren't .. but this syntax should work for the allow port 80 only
> portion.

Yeah, I thought of that set, also, and the other was my manager's
suggestion. I've tried that, also, and still no joy.

*grump* (not you, just iptables....)

         mark
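Added example, not from the thread: a small first-match model of the four quoted RH-Firewall-1-INPUT rules, so the intended policy (only TCP/80 to the alias addresses, the primary address untouched) can be checked offline, including what happens when the DROP is listed before the ACCEPT. The addresses are the placeholders from the thread; the sample ports and the chain policy are constructed.

```python
# Added example: a tiny first-match model of the quoted RH-Firewall-1-INPUT rules.
# This is not iptables and is not code from the original post; addresses are the
# thread's placeholders, the probe ports and the default policy are constructed.
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    dst: str                      # -d
    target: str                   # -j ACCEPT / DROP
    proto: Optional[str] = None   # -p tcp, or None for "any protocol"
    dport: Optional[int] = None   # --dport, or None for "any port"

    def matches(self, dst: str, proto: str, dport: int) -> bool:
        return (self.dst == dst
                and (self.proto is None or self.proto == proto)
                and (self.dport is None or self.dport == dport))


# The four rules from the quoted reply, in the order given. Netfilter walks a
# chain top to bottom and the first rule with a terminating target decides.
CHAIN = [
    Rule("www.xxx.yyy.ggg", "ACCEPT", "tcp", 80),
    Rule("www.xxx.yyy.ggg", "DROP"),
    Rule("www.xxx.yyy.hhh", "ACCEPT", "tcp", 80),
    Rule("www.xxx.yyy.hhh", "DROP"),
]


def verdict(chain: List[Rule], dst: str, proto: str, dport: int,
            policy: str = "ACCEPT") -> str:
    """Target of the first matching rule, or the chain policy if nothing matches."""
    for rule in chain:
        if rule.matches(dst, proto, dport):
            return rule.target
    return policy


def check_policy(chain: List[Rule]) -> dict:
    """Probe the intent from the thread with a few constructed packets."""
    return {
        "ggg_http": verdict(chain, "www.xxx.yyy.ggg", "tcp", 80),
        "ggg_ssh": verdict(chain, "www.xxx.yyy.ggg", "tcp", 22),
        "hhh_udp53": verdict(chain, "www.xxx.yyy.hhh", "udp", 53),
        "primary_ssh": verdict(chain, "www.xxx.yyy.zzz", "tcp", 22),
        # Same two rules for ggg, but DROP listed first: the ACCEPT is never reached.
        "ggg_http_drop_first": verdict([chain[1], chain[0]], "www.xxx.yyy.ggg", "tcp", 80),
    }


if __name__ == "__main__":
    for name, result in check_policy(CHAIN).items():
        print(f"{name}: {result}")
```

The last probe shows why the ACCEPT for port 80 has to sit above the address-wide DROP; with a real chain the same applies to any earlier rule that already matches the traffic.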
