On Mon, 2005-01-31 at 19:56 -0500, Robert L Cochran wrote:
> >>Thank you. How do I implement iptables rules without interfering with
> >>what the Security Level applet sets?
> >>
> >>Bob
> >
> >Very simply, open up a terminal, su over to root. Add the iptables
> >rules that you want.
> >
> >When you are finished, service iptables save will make them permanent
> >
> >MC
>
> Thank you. I am assuming that the Security Level applet adds its own
> iptables rules. Is this correct? So it would drop all inbound
> connections on all ports to start with, and allow in only the
> connections I permit through the applet.
>
> If I'm right about the above, then I can just do what you say: just add
> the new iptables rules I'm interested in, enter 'service iptables save',
> and they become permanent. Am I still right?
>
> Now suppose I screwed up and made a mistake. Can I change the rules I
> messed up?
>
> Thanks
>
> Bob

Essentially yes, system-config-securitylevel works the same way.

For example, if you were to add for Other ports: 445:tcp in the applet, it would add this to the chain:

    ACCEPT     tcp  --  anywhere     anywhere     tcp dpt:microsoft-ds

The same effect can be achieved by

    iptables -A INPUT -p TCP --dport 445 -d 192.168.1.1 -j ACCEPT

and then

    service iptables save

All of the available options are in man iptables; there are also some very helpful pages on the web.

Disclaimer: I have not worked with iptables in a long time, feel free to correct my syntax.

MC
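
On the question of changing a rule that was added by mistake, here is an added example (not part of the original thread). It assumes the rules are available in iptables-save format, which stores each appended rule as an "-A CHAIN ..." line. The function names and the sample ruleset are constructed for illustration. The script only prints the matching "iptables -D" commands for review and executes nothing.

```shell
#!/bin/sh
# Constructed sample in iptables-save format; on a live system the same
# text would come from running `iptables-save` as root.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -d 192.168.1.1 -p tcp -m tcp --dport 445 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 4450 -j ACCEPT
COMMIT'

# rules_for_port PORT
# Reads iptables-save text on stdin and prints the appended TCP rules whose
# destination port is exactly PORT (445 must not match 4450).
rules_for_port() {
    grep -E -- "^-A .*-p tcp .*--dport $1( |\$)"
}

# undo_commands
# Turns each "-A CHAIN spec" line on stdin into the "iptables -D CHAIN spec"
# command that deletes that exact rule.
undo_commands() {
    sed -n 's/^-A /iptables -D /p'
}

# review_undo PORT
# Prints the delete commands for every rule on PORT in the sample ruleset,
# so they can be read before anything is changed.
review_undo() {
    printf '%s\n' "$SAMPLE_RULES" | rules_for_port "$1" | undo_commands
}

review_undo 445
```

After running the printed delete command and re-adding the corrected rule, service iptables save stores the result, as described in the message above.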