On Mon, 28.03.2005, at 3:15, Neil Dugan wrote:

> > Thanks - that was it. I added:
> >
> > -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5901 -j ACCEPT
> >
> > to /etc/sysconfig/iptables and the Sun is shining once again.
> >
>
> I am doing the same thing but I used a different command to open the
> port through the firewall.
> -A RH-Firewall-1-INPUT -p tcp --dport 5901 -j ACCEPT
>
> As this is different from above could there be any problem using this?
>
> Regards Neil

The difference between yours and Richard's iptables rule is that he uses the "state" of the connection to decide about the acceptance. You omit that part. As the default iptables rules of the Fedora Core firewall setup have a rule which allows all incoming connections in state ESTABLISHED and RELATED, the "--state NEW" command is not really necessary, although it can make the structure of the iptables rules more clear.

If still in doubt Neil, feel free to ask again, as understanding the rules you use is elementary for securing your system's services.

Alexander

--
Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.10-1.770_FC2smp
Serendipity 14:05:49 up 11 days, 11:02, load average: 0.53, 0.56, 0.49
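An added example, not part of the original message: a small Python model of first-match rule evaluation that compares the two port 5901 rules quoted above when each follows an ESTABLISHED,RELATED accept rule. The closing REJECT rule, the packet dictionaries and all function names are assumptions made for the illustration, and the model also covers conntrack's INVALID state, which the message does not discuss.

```python
# Constructed rules: the two port-5901 variants are quoted from the thread;
# the ESTABLISHED,RELATED rule is the one the reply describes; the final
# REJECT is an assumption about how the chain ends.
ESTABLISHED = "-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
WITH_STATE = "-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5901 -j ACCEPT"
WITHOUT_STATE = "-A RH-Firewall-1-INPUT -p tcp --dport 5901 -j ACCEPT"
FINAL_REJECT = "-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited"


def parse_rule(line):
    """Parse the small subset of iptables-save syntax used above."""
    tok = line.split()
    opts = dict(zip(tok, tok[1:]))  # each option mapped to the token after it
    return {
        "states": set(opts["--state"].split(",")) if "--state" in opts else None,
        "proto": opts.get("-p"),
        "dport": int(opts["--dport"]) if "--dport" in opts else None,
        "target": opts["-j"],
    }


def verdict(chain, pkt):
    """Return the target of the first rule that matches pkt (first match wins)."""
    for rule in map(parse_rule, chain):
        if rule["proto"] is not None and rule["proto"] != pkt["proto"]:
            continue
        if rule["dport"] is not None and rule["dport"] != pkt["dport"]:
            continue
        if rule["states"] is not None and pkt["state"] not in rule["states"]:
            continue
        return rule["target"]
    return "CHAIN-END"  # no rule matched; the caller's policy would apply


def compare(dport=5901):
    """Map each conntrack state to (verdict with --state NEW, verdict without)."""
    with_state = [ESTABLISHED, WITH_STATE, FINAL_REJECT]
    without_state = [ESTABLISHED, WITHOUT_STATE, FINAL_REJECT]
    result = {}
    for state in ("NEW", "ESTABLISHED", "RELATED", "INVALID"):
        pkt = {"proto": "tcp", "dport": dport, "state": state}
        result[state] = (verdict(with_state, pkt), verdict(without_state, pkt))
    return result


if __name__ == "__main__":
    for state, (a, b) in compare().items():
        print(f"{state:12} with --state NEW: {a:7} without: {b}")
```

In this model the two variants give the same verdict for NEW, ESTABLISHED and RELATED packets and differ only for packets that conntrack marks INVALID, which the rule without a state match still accepts.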