Re: Use iptables to accept packets from IP

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



tony.chamberlain@xxxxxxxxx wrote on Thursday 09 August 2007:

> I read a bit about how you can drop packets with iptables.
> I was wondering whether you could do just the opposite,
> use iptables to specify only the IPs you will accept from?

Of course you can.

iptables -P DROP
iptables -A INPUT -s <trusted_ip_here> -j ACCEPT

This scenario (accepting only specific IP packets) is more secure but also 
more difficult to setup. The above example sets the default policy for 
incoming IP packets to DROP, unless you define a rule (in this example 
the second one) which allows them in.

Read this: 
http://www.netfilter.org/documentation/HOWTO/packet-filtering-HOWTO.html

> We can't use firewalls, and I don't understand selinux well enough
> to know if it will do what we want. we can't really use VPN either.

I suppose you are mixing things up.

A firewall is a dedicated computer which filters packets between the 
internet and the local net. Some people call a packet filter 
a "firewall".
Selinux is a security patch for the linux kernel which main purpose is to 
restrict applications' priviledges beyond the simple owner/group/other 
scheme.
VPN stands for Virtual Private Network and stands for a secure tunnel 
between two (trusted) local nets over the internet. There are several 
implementations of it, e.g. OpenVPN, IPSec, SSH-IP-Tunneling...

All three terms are related but independent.

-- 
Bye,
Adalbert

A right is not what someone gives you; it's what no one can take from 
you. -- Ramsey Clark


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux