On Wed, 24.11.2004 at 14:34, Cassius V. de Magalhaes wrote:

> Is $YOUR_INPUT_INTERFACE eth0, for example?

Could be eth0 for example, yes. If you have 2 ethernet devices because of 2 network cards - 1 NIC for the internal net, 1 NIC to the public internet - it could also be ppp0 or eth1.

> The iptables -L doesn't show any interface, only "RH-Firewall-1-INPUT"
> as the "target" field.

"RH-Firewall-1-INPUT" is a so-called chain. I think the simple firewall Fedora comes with makes no distinction between several interfaces. It knows "lo" (loopback device) and the rest. The rules Fedora comes with and the possible settings using the system-config-security do not allow you to set up anything advanced. If you have advanced needs, then you either know the iptables syntax and create your own custom rulesets, or you use a GUI tool like firestarter, which you hopefully understand.

> I have tried the command under with $YOUR_INPUT_INTERFACE set up to
> RH-Firewall-1-INPUT, but it showed "interface name
> `RH-Firewall-1-INPUT' must be shorter than IFNAMSIZ (15)".

I kept the example line general because I don't know your hardware setup. If you have an ethernet device eth0, which is the device you want to block access to from a specific host range, then $YOUR_INPUT_INTERFACE would be eth0. The INTERFACE is not a chain.

> TIA, Vinicius.

www.netfilter.org is the recommended site to read and understand iptables syntax. netfilter is the part of the kernel doing the packet checking, and iptables is the userland tool for root to administer the netfilter part.

Alexander

--
Alexander Dalloz | Enger, Germany | new address - new key: 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora GNU/Linux Core 2 (Tettnang) on Athlon kernel 2.6.9-1.6_FC2smp
Serendipity 16:59:32 up 4 days, 11:47, load average: 1.17, 0.57, 0.36
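The chain/interface mix-up discussed in this message, as an added example that is not part of the original thread: a small shell helper that rejects a chain name passed where `-i` expects an interface and prints the rule that blocks a host range on one interface. The function names, the source range 192.0.2.0/24 and the choice of `-I` with `-j DROP` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Interface, chain and source range are constructed samples.

IFNAMSIZ=16   # Linux limit for interface names, including the trailing NUL

# Succeeds when $1 could be an interface name for iptables -i.
valid_iface() {
    vi_name=$1
    [ -n "$vi_name" ] || return 1
    # At most 15 visible characters; a chain name such as
    # RH-Firewall-1-INPUT (19 characters) fails here.
    [ "${#vi_name}" -lt "$IFNAMSIZ" ] || return 1
    case $vi_name in
        */*|*' '*) return 1 ;;   # no slashes or spaces in interface names
    esac
    return 0
}

# Prints (does not run) the command that drops traffic from source $3
# arriving on interface $2, inserted at the top of chain $1.
build_drop_rule() {
    br_chain=$1
    br_iface=$2
    br_source=$3
    if ! valid_iface "$br_iface"; then
        echo "error: '$br_iface' is not an interface name (is it a chain?)" >&2
        return 1
    fi
    if [ ! -e "/sys/class/net/$br_iface" ]; then
        echo "note: no interface '$br_iface' on this host" >&2
    fi
    printf 'iptables -I %s -i %s -s %s -j DROP\n' \
        "$br_chain" "$br_iface" "$br_source"
}

# The chain is where the rule is stored; the interface is what -i matches.
build_drop_rule RH-Firewall-1-INPUT eth0 192.0.2.0/24

# The mix-up from the thread: the chain name given as the interface.
build_drop_rule INPUT RH-Firewall-1-INPUT 192.0.2.0/24 || true
```

After adding a rule as root, `iptables -L -n -v` shows the `in` and `out` interface columns that plain `iptables -L` leaves out.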