Re: Enable Firewall, But Allow Specific Inbound Connections


 



micheal wrote:

On Sun, 2005-01-30 at 04:53 -0500, Robert L Cochran wrote:


Gain Paolo Mureddu wrote:



Robert L Cochran wrote:



On Fedora Core 3, I want to enable the firewall, permitting inbound TCP connections from anywhere on port 80. I also want to allow inbound connections on port 3306 but only from hosts 192.168.1.1 and 192.168.1.2.

It looks like I can't do this from the Applications --> System Settings --> Security Level GUI. I can allow ports 80 and 3306, but it doesn't look like I can limit the port 3306 connections to just 2 specific hosts. I would have to craft an IPTABLES script. Am I right here, and if so, what would be the right way to add specific IPTABLES rules without interfering with the Security Level applet?

Thanks

Bob Cochran
Greenbelt, Maryland, USA



I (like the other posters) would recommend that you learn iptables, and if you want a very easy way to configure your firewall and build *quite* complex per-interface rule sets, I'd strongly recommend you take a look at fwbuilder (there are packages for it in the pre-extras repo [http://fedoraproject.org/pre-extras]).



Thank you. How do I implement iptables rules without interfering with what the Security Level applet sets?

Bob




Very simply, open up a terminal, su over to root. Add the iptables
rules that you want.


When you are finished, service iptables save will make them permanent.

MC



Thank you. I am assuming that the Security Level applet adds its own iptables rules. Is this correct? So it would drop all inbound connections on all ports to start with, and allow in only the connections I permit through the applet.

If I'm right about the above, then I can just do what you say: just add the new iptables rules I'm interested in, enter 'service iptables save', and they become permanent. Am I still right?

Now suppose I screwed up and made a mistake. Can I change the rules I messed up?

Thanks

Bob
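
Added example, not part of the thread: the policy from the original question (port 80 from anywhere, port 3306 only from 192.168.1.1 and 192.168.1.2) written out as iptables commands that are printed for review before being run as root. It assumes the rules belong at the top of the INPUT chain so they are evaluated ahead of any reject rule already loaded; the function name build_rules is hypothetical.

```shell
#!/bin/sh
# Added example: print the iptables commands for the policy in the question.
# Nothing is changed on the system; review the output, then run it as root.

ALLOWED_DB_HOSTS="192.168.1.1 192.168.1.2"   # the two hosts named in the question
WEB_PORT=80
DB_PORT=3306

# iptables evaluates a chain top to bottom and stops at the first match, so
# each rule is inserted (-I) at an explicit position at the head of INPUT.
# A rule appended (-A) after an existing catch-all reject would never match.
build_rules() {
    pos=1
    # Web traffic: any source may connect to port 80.
    echo "iptables -I INPUT $pos -p tcp --dport $WEB_PORT -j ACCEPT"

    # Database traffic: one ACCEPT per permitted source address.
    for host in $ALLOWED_DB_HOSTS; do
        pos=$((pos + 1))
        echo "iptables -I INPUT $pos -p tcp -s $host --dport $DB_PORT -j ACCEPT"
    done

    # Every other source is refused on the database port. This rule must come
    # after the per-host ACCEPTs, and it keeps 3306 closed to other hosts even
    # if a later rule in the chain would have allowed the port.
    pos=$((pos + 1))
    echo "iptables -I INPUT $pos -p tcp --dport $DB_PORT -j REJECT"

    # Persist the running rule set, as described in the reply above.
    echo "service iptables save"
}

# To correct a mistake before saving (run as root):
#   iptables -L INPUT -n --line-numbers   # list rules with their positions
#   iptables -D INPUT <number>            # delete the rule at that position

build_rules
```
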

