On Sat, 2005-01-29 at 20:32 -0500, Robert L Cochran wrote:
> On Fedora Core 3, I want to enable the firewall, permitting inbound TCP
> connections from anywhere on port 80. I also want to allow inbound
> connections on port 3306 but only from hosts 192.168.1.1 and 192.168.1.2.
>
> It looks like I can't do this from the Applications --> System Settings
> --> Security Level GUI. I can allow ports 80 and 3306, but it doesn't
> look like I can limit the port 3306 connections to just 2 specific
> hosts. I would have to craft an IPTABLES script. Am I right here, and if
> so, what would be the right way to add specific IPTABLES rules without
> interfering with the Security Level applet?
----
yeah - it's a very basic tool

If you want to start messing with iptables...it's not hard - I've always
used David Ranch's trinity os think stuff

http://www.ecst.csuchico.edu/~dranch/LINUX/ipmasq/c-html/stronger-firewall-examples.html#RC.FIREWALL-2.4.X-STRONGER

but basically, you can simply add rules to that which you created with
the system-config-securitylevel and then issue the command 'service
iptables save' but that is mindless...if you ever run the
system-config-securitylevel again, you will wipe out any custom stuff
you added.

I think this is how you would do one of the lines...

/sbin/iptables -A INPUT -i eth0 -s 192.168.1.1/32 -p tcp --dport 3306 -j ACCEPT

Craig
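
The full policy from the question, written out as an added example (not part of the original message): port 80 open to any source, port 3306 limited to the two named hosts. The run, valid_ipv4 and build_rules helpers, the APPLY switch and the final DROP rule are assumptions of this sketch; eth0 and the rule form are taken from the reply.

```shell
#!/bin/sh
# Added example (not from the thread). Prints the rules by default;
# run as root with APPLY=1 to execute them instead.
IPT=/sbin/iptables
IFACE=eth0                               # interface used in the reply's rule
MYSQL_HOSTS="192.168.1.1 192.168.1.2"    # the two hosts named in the question

# Hypothetical helper: echo the command unless APPLY=1 is set.
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

# Succeeds only for a dotted quad whose four octets are each 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

build_rules() {
    # Validate every host first so a typo cannot leave a half-applied rule set.
    for h in $MYSQL_HOSTS; do
        valid_ipv4 "$h" || { echo "bad host address: $h" >&2; return 1; }
    done
    # Port 80: open to any source.
    run "$IPT" -A INPUT -i "$IFACE" -p tcp --dport 80 -j ACCEPT
    # Port 3306: one ACCEPT per allowed host (same form as the reply's rule).
    for h in $MYSQL_HOSTS; do
        run "$IPT" -A INPUT -i "$IFACE" -s "$h/32" -p tcp --dport 3306 -j ACCEPT
    done
    # Assumption of this example: drop 3306 from every other source explicitly,
    # so the restriction does not depend on the chain's default policy.
    run "$IPT" -A INPUT -i "$IFACE" -p tcp --dport 3306 -j DROP
}

build_rules
```

iptables evaluates a chain from first rule to last, and -A appends at the end, so if INPUT already ends in a catch-all REJECT or DROP these rules have to be placed ahead of it to take effect.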