On Mon, 2004-07-26 at 18:56, jludwig wrote:
> On Mon, 2004-07-26 at 21:43, Thomas Sapp wrote:
> > I was wondering about how to change or add rules to the iptables. I
> > read the man page for it but can't seem to quite grasp the concept
> > apparently. Here is what I get from an iptables -t filter -L:
> > ************************************************************************
> > Chain INPUT (policy ACCEPT)
> > target               prot opt source     destination
> > RH-Firewall-1-INPUT  all  --  anywhere   anywhere
> >
> > Chain FORWARD (policy ACCEPT)
> > target               prot opt source     destination
> > RH-Firewall-1-INPUT  all  --  anywhere   anywhere
> >
> > Chain OUTPUT (policy ACCEPT)
> > target               prot opt source     destination
> >
> > Chain RH-Firewall-1-INPUT (2 references)
> > target  prot opt source     destination
> > ACCEPT  all  --  anywhere   anywhere
> > ACCEPT  all  --  anywhere   anywhere
> > ACCEPT  icmp --  anywhere   anywhere   icmp any
> > ACCEPT  ipv6-crypt-- anywhere anywhere
> > ACCEPT  ipv6-auth-- anywhere anywhere
> > ACCEPT  all  --  anywhere   anywhere   state RELATED,ESTABLISHED
> > ACCEPT  tcp  --  anywhere   anywhere   state NEW tcp dpt:http
> > ACCEPT  tcp  --  anywhere   anywhere   state NEW tcp dpt:https
> > ACCEPT  tcp  --  anywhere   anywhere   state NEW tcp dpt:ftp
> > ACCEPT  tcp  --  anywhere   anywhere   state NEW tcp dpt:ssh
> > ACCEPT  tcp  --  anywhere   anywhere   state NEW tcp dpt:5801
> > ACCEPT  tcp  --  anywhere   anywhere   state NEW tcp dpt:5901
> > ACCEPT  udp  --  anywhere   anywhere   state NEW udp dpt:5801
> > ACCEPT  udp  --  anywhere   anywhere   state NEW udp dpt:5901
> > REJECT  all  --  anywhere   anywhere   reject-with icmp-host-prohibited
> > *************************************************************************
> >
> > I would like to change the settings for the ports for ftp, ssh, and VNC
> > to only allow connections from 204.99.118.0/24 and so far this is what I
> > have:
> >
> > iptables -t filter -R RH-Firewall-1-INPUT 9 -p tcp -s 204.99.118.0/24
> >
> > All that does is produce an output similar to this:
> >
> > tcp -- 204.99.118.0/24 anywhere
> >
> > Can anyone help me with what I am doing wrong? How do I add the ACCEPT
> > and the state? I have tried --state but it keeps telling me that it is
> > an incorrect option.
> >
> > --
> > Thanks,
> > Tom Sapp
> > http://www.sappsworld.com
>
> Try
> iptables -t filter -R RH-Firewall-1-INPUT 9 -p tcp -s 204.99.118.0/24 -j ACCEPT
>
> The rule is there but does nothing without a jump to filter (-j DROP,
> ACCEPT, REJECT, etc)
> --
> jludwig <wralphie@xxxxxxxxxxx>

cool, thanks. That added the accept but what about the state NEW tcp
dpt:ftp? It still tells me that --state is invalid and that is the only
option I see to add that info. Sorry for the stupid questions. :-)

--
Thanks,
Tom Sapp
http://www.sappsworld.com
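
Added example, not part of the thread: iptables only accepts --state after the state match has been loaded with -m state, and --dport only after -p plus the tcp/udp match, so the sketch below builds the full replacement command for each of the six ftp/ssh/VNC rules. The function names are made up for this example, the rule positions 9-14 are counted from the listing quoted above, and ports 21 and 22 are assumed for ftp and ssh.

```shell
#!/bin/sh
# Added example: rebuild rules 9-14 of RH-Firewall-1-INPUT so that ftp, ssh
# and VNC accept NEW connections only from one source network.
# --state belongs to the "state" match and --dport to the tcp/udp match, so
# each option must come after its own -m <module> (and -p for the protocol).

CHAIN="RH-Firewall-1-INPUT"
SRC="204.99.118.0/24"

# build_rule NUM PROTO PORT -> prints the iptables -R command for one rule
build_rule() {
    num=$1 proto=$2 port=$3
    printf 'iptables -t filter -R %s %s -s %s -p %s -m state --state NEW -m %s --dport %s -j ACCEPT\n' \
        "$CHAIN" "$num" "$SRC" "$proto" "$proto" "$port"
}

# Rule positions counted from the listing in the thread (assumption: the
# chain is unchanged; confirm with: iptables -L RH-Firewall-1-INPUT --line-numbers)
rule_table() {
    cat <<'EOF'
9 tcp 21
10 tcp 22
11 tcp 5801
12 tcp 5901
13 udp 5801
14 udp 5901
EOF
}

# all_rules -> prints every replacement command, one per line
all_rules() {
    rule_table | while read -r num proto port; do
        build_rule "$num" "$proto" "$port"
    done
}

# Dry run by default; set APPLY=1 (as root) to execute the commands.
if [ "${APPLY:-0}" = "1" ]; then
    all_rules | sh -e
else
    all_rules
fi
```

Because -R replaces a rule by position, a chain that has been edited since the listing was taken would have the wrong rules overwritten; re-check the line numbers before setting APPLY=1.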