On Thu, 2005-08-25 at 06:21 -0400, Greg Swallow wrote:
> Looks like all I need is to open a two-way hole for each port in
> firewall. I should be able to get the rules in and saved, but again
> it's been long enough that building each rule line escapes me.

If you're doing it by hand, read the iptables man file. I don't use the abbreviations, it's easier to remember how to do them that way.

e.g.

    iptables --append INPUT --jump DROP \! --in-interface eth+ --source 192.168.0.0/16

(Drop traffic that's not coming from the eth0 interface, but has private IP addresses. Which pretty much says allow all local traffic, by itself, though I have other rules in combination.)

Otherwise, you can use the (security level) GUI tool, and just add in the ports you want to trust.

-- 
Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists.
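An added example, not part of the original message: a shell helper that prints long-option rule lines, in the style used in the reply above, for opening a list of ports. The function names, the sample ports and the use of the conntrack match are assumptions made for illustration, and it assumes the OUTPUT chain already lets replies out.

```shell
#!/bin/sh
# Added example: build long-option iptables rule lines for PORT/PROTO pairs.
# It only prints the commands; review them, then run them as root yourself.

# valid_spec PORT/PROTO: succeed only for port 1-65535 and protocol tcp or udp
valid_spec() {
    port=${1%%/*}
    proto=${1#*/}
    case "$1" in */*) ;; *) return 1 ;; esac
    case "$proto" in tcp|udp) ;; *) return 1 ;; esac
    # reject empty, leading-zero and non-numeric ports
    case "$port" in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "${#port}" -le 5 ] && [ "$port" -le 65535 ]
}

# build_rules PORT/PROTO...: print one rule per line, fail on any bad spec
build_rules() {
    # validate everything first so a typo never yields a partial rule set
    for spec in "$@"; do
        valid_spec "$spec" || { echo "bad port spec: $spec" >&2; return 1; }
    done
    # accept packets of connections already tracked, so each port below
    # needs only one rule for new inbound traffic
    echo "iptables --append INPUT --match conntrack --ctstate ESTABLISHED,RELATED --jump ACCEPT"
    for spec in "$@"; do
        echo "iptables --append INPUT --protocol ${spec#*/} --match conntrack --ctstate NEW --destination-port ${spec%%/*} --jump ACCEPT"
    done
}

# constructed sample ports, not taken from the thread
build_rules 22/tcp 53/udp
```

`--append` places each rule at the end of the chain, so a rule that lands after an existing catch-all DROP or REJECT never matches; check the order with `iptables --list INPUT --line-numbers` before saving.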