Hello everyone,

I'm creating an iptables firewall using Firewall Builder (fwbuilder.org). I like the clean shell scripts that FW Builder creates and have tested several of them on various test boxes.

The latest firewall I'm needing to create is for a server (FC2, iptables v1.2.9) that I host several virtual websites/email on. This box has 3 static IP addresses on it. I also have built a few rules to allow certain IPs to have access to any port, any time (in case I screw something up, I can get back in and fix it, as this box is at a server house and I have no console access).

I've generated a sample firewall and placed it here:

http://kold.homelinux.com/homesvr.fw (bash shell script)

The IPs are not real and probably not even associated with the right netmasks. The rules for addresses using 192.168* and 127.0.0.[234] are the "static" IPs for me to get back in if something messes up. Otherwise I'm allowing all 9 services access and denying everything else.

Here are a few questions:

1) Is there a way I can allow a dynamic hostname to have unlimited access to the server? For example, if I'm a Comcast subscriber the hostname to my cable modem is 12-134345-112.nashville.comcast.com or something like that. Is there a way I can create a firewall rule to allow all *.nashville.comcast.com requests for any port rather than a static IP?

2) Are there other restrictions I should place on the 9 ports I have open? If so, what are they?

Thanks for any help,
Kevin

--
Kevin Old
kevinold@xxxxxxxxx