From: akak01000101 on 15 Jan 2008 03:18

I'm a newbie to iptables and need quick iptables rules that say any node can connect inbound to the Linux server from subnets 192.168.1.0/24 and 192.168.2.0/24 to port 8000 via TCP, and deny all other networks. Any help is greatly appreciated! Thanks...

-akak
From: Ashish Shukla आशीष शुक्ल on 15 Jan 2008 08:49

>>>>> On Tue, 15 Jan 2008 00:18:45 -0800 (PST), akak01000101(a)gmail.com said:

akak01000101> I'm a newbie to iptables and need quick iptables rules that say any
akak01000101> node can connect inbound to the linux server from subnets
akak01000101> 192.168.1.0/24 and 192.168.2.0/24 to port 8000 via TCP, and deny all
akak01000101> other networks.

/sbin/iptables -A INPUT -s 192.168.1.0/24 -p tcp --dport 8000 -j ACCEPT
/sbin/iptables -A INPUT -s 192.168.2.0/24 -p tcp --dport 8000 -j ACCEPT

HTH
--
Ashish Shukla आशीष शुक्ल http://wahjava.wordpress.com/
From: Ashish Shukla आशीष शुक्ल on 15 Jan 2008 10:24

>>>>> "आशीष" == Ashish Shukla आशीष शुक्ल <wahjava(a)gmail.com> writes:
>>>>> On Tue, 15 Jan 2008 00:18:45 -0800 (PST), akak01000101(a)gmail.com said:

akak01000101> I'm a newbie to iptables and need quick iptables rules that say any
akak01000101> node can connect inbound to the linux server from subnets
akak01000101> 192.168.1.0/24 and 192.168.2.0/24 to port 8000 via TCP, and deny all
akak01000101> other networks.

Forgot to mention the deny rule.

आशीष> /sbin/iptables -A INPUT -s 192.168.1.0/24 -p tcp --dport 8000 -j ACCEPT
आशीष> /sbin/iptables -A INPUT -s 192.168.2.0/24 -p tcp --dport 8000 -j ACCEPT

/sbin/iptables -A INPUT -p tcp --dport 8000 -j DROP

HTH
--
Ashish Shukla आशीष शुक्ल http://wahjava.wordpress.com/
From: habibielwa7id on 16 Jan 2008 04:08

On Jan 15, 5:24 pm, wahj...(a)gmail.com (Ashish Shukla आशीष शुक्ल) wrote:
> >>>>> "आशीष" == Ashish Shukla आशीष शुक्ल <wahj...(a)gmail.com> writes:
> >>>>> On Tue, 15 Jan 2008 00:18:45 -0800 (PST), akak01000...(a)gmail.com said:
>
> akak01000101> I'm a newbie to iptables and need quick iptables rules that say any
> akak01000101> node can connect inbound to the linux server from subnets
> akak01000101> 192.168.1.0/24 and 192.168.2.0/24 to port 8000 via TCP, and deny all
> akak01000101> other networks.
>
> Forgot to mention the deny rule.
>
> आशीष> /sbin/iptables -A INPUT -s 192.168.1.0/24 -p tcp --dport 8000 -j ACCEPT
> आशीष> /sbin/iptables -A INPUT -s 192.168.2.0/24 -p tcp --dport 8000 -j ACCEPT
>
> /sbin/iptables -A INPUT -p tcp --dport 8000 -j DROP
>
> HTH
> --
> Ashish Shukla आशीष शुक्ल http://wahjava.wordpress.com/

But be careful where you put these rules. They may not work if there are any other rules before them that block the traffic, for example, so beware, and you may want to input them as the first rules so no earlier rule can affect them. So sometimes don't use -A; use -I with a rule number instead, like:

/sbin/iptables -I INPUT 1 -s 192.168.1.0/24 -p tcp --dport 8000 -j ACCEPT
/sbin/iptables -I INPUT 2 -s 192.168.2.0/24 -p tcp --dport 8000 -j ACCEPT
/sbin/iptables -I INPUT 3 -p tcp --dport 8000 -j DROP

And then don't forget to store the new rules you added, so you don't lose them when you restart your system.

wishes
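To make the ordering point from the last reply concrete, here is an added example (not from the thread) that models an iptables INPUT chain as a first-match list and evaluates the three posted rules against sample packets. It only models `-s`, `-p tcp` and `--dport`; the pre-existing blanket rule and the packets are constructed to show why `-A` behind an earlier DROP fails while `-I INPUT 1/2/3` works, and that the rules leave other ports untouched (chain policy decides).

```python
"""First-match model of an iptables INPUT chain (added example, not iptables itself)."""
import ipaddress


def rule(target, src=None, proto=None, dport=None):
    """One rule: optional -s CIDR, optional -p, optional --dport, and a target."""
    return {"target": target, "src": ipaddress.ip_network(src) if src else None,
            "proto": proto, "dport": dport}


def matches(r, pkt):
    """A rule matches only if every criterion it specifies matches the packet."""
    if r["src"] is not None and ipaddress.ip_address(pkt["src"]) not in r["src"]:
        return False
    if r["proto"] is not None and pkt["proto"] != r["proto"]:
        return False
    if r["dport"] is not None and pkt.get("dport") != r["dport"]:
        return False
    return True


def verdict(chain, pkt, policy="ACCEPT"):
    """Walk the chain top-down; the first matching rule decides, else the policy."""
    for r in chain:
        if matches(r, pkt):
            return r["target"]
    return policy


# The three rules from the thread: allow two subnets to tcp/8000, drop the rest.
ALLOW_1 = rule("ACCEPT", "192.168.1.0/24", "tcp", 8000)
ALLOW_2 = rule("ACCEPT", "192.168.2.0/24", "tcp", 8000)
DENY = rule("DROP", None, "tcp", 8000)

# Constructed pre-existing rule that an admin might already have in INPUT.
PREEXISTING_DROP = rule("DROP", "192.168.0.0/16")


def appended_chain():
    """-A INPUT ... : new rules land after the existing DROP, which wins first."""
    return [PREEXISTING_DROP, ALLOW_1, ALLOW_2, DENY]


def inserted_chain():
    """-I INPUT 1 / 2 / 3 as in the last reply: new rules land ahead of it."""
    chain = [PREEXISTING_DROP]
    for pos, r in ((1, ALLOW_1), (2, ALLOW_2), (3, DENY)):
        chain.insert(pos - 1, r)          # iptables positions are 1-based
    return chain
```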