Re: iptables

Strong wrote:
> On Fri, 09 Nov 2007 08:17:44 +0900 John Summerfield
> <debian@xxxxxxxxxxxxxxxxxxxxxx> wrote:
>> He posted his rules to the list. His policy is accept, but he had a global reject that would cause the message he saw.
>
> Where was the global reject?
>
>> Does this help?
>> # service iptables stop
>
> No. How can it help, if no route is specified?
>
> But I have changed to this:
> iptables -A FORWARD -s 192.168.0.0/24 -j ACCEPT
> iptables -A FORWARD -d 192.168.0.0/24 -j ACCEPT
> iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.0.0/24 -j MASQUERADE
> and now it works. Weird that adding the last line (without 'iptables '
> at the line beginning, of course) to the iptables file gave an error message
> at iptables restart. But loading it from the command line is fine. How can I
> save the rules to survive a reboot? Is there a tool provided for the
> iptables configuration, not system-config-security?

I personally would not take the REJECT out of the table, change the policy to ACCEPT, or any such thing which might leave the smallest hole for evildoers. By putting in the ACCEPT rules you can let your guest have access. I would also not let in everything from the whole private network; I would restrict the range and apply an interface restriction to limit your exposure.

--
Bill Davidsen <davidsen@xxxxxxx>
  "We have more to fear from the bungling of the incompetent than from
the machinations of the wicked."  - from Slashdot
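
Added example (not part of the original message or thread): a small shell check that applies the advice above to the rules quoted in this thread, flagging FORWARD ACCEPT rules that have no -i/-o match or that cover a /24 or wider. The interface name eth1, the range 192.168.0.64/28 and the /24 threshold are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: audit FORWARD ACCEPT rules for missing interface or range limits.

# The rules as posted in the thread above.
ORIGINAL_RULES='iptables -A FORWARD -s 192.168.0.0/24 -j ACCEPT
iptables -A FORWARD -d 192.168.0.0/24 -j ACCEPT
iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.0.0/24 -j MASQUERADE'

# Constructed variant: eth1 (LAN side) and 192.168.0.64/28 are assumptions.
TIGHTENED_RULES='iptables -A FORWARD -i eth1 -o ppp0 -s 192.168.0.64/28 -j ACCEPT
iptables -A FORWARD -i ppp0 -o eth1 -d 192.168.0.64/28 -j ACCEPT
iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.0.64/28 -j MASQUERADE'

# Read rules on stdin; print one finding per problem in a FORWARD ACCEPT rule.
audit_forward_rules() {
    n=0
    while IFS= read -r line; do
        n=$((n + 1))
        case "$line" in
            *"-A FORWARD"*"-j ACCEPT"*) ;;
            *) continue ;;                # other chains and targets are not audited
        esac
        has_if=no; has_range=no; prev=
        for word in $line; do
            case "$prev" in
                -i|-o) has_if=yes ;;
                -s|-d)
                    has_range=yes
                    case "$word" in */*) prefix=${word##*/} ;; *) prefix=32 ;; esac
                    case "$prefix" in
                        ''|*[!0-9]*) echo "rule $n: $prev $word: mask form not checked" ;;
                        *) if [ "$prefix" -le 24 ]; then
                               echo "rule $n: $prev $word covers a whole /24 or more"
                           fi ;;
                    esac ;;
            esac
            prev=$word
        done
        if [ "$has_if" = no ]; then echo "rule $n: no -i/-o interface restriction"; fi
        if [ "$has_range" = no ]; then echo "rule $n: no -s/-d range restriction"; fi
    done
    return 0
}

# Number of findings for a rule set passed as one string.
count_findings() { printf '%s\n' "$1" | audit_forward_rules | wc -l | tr -d ' '; }

echo "original rules:";  printf '%s\n' "$ORIGINAL_RULES"  | audit_forward_rules
echo "tightened rules:"; printf '%s\n' "$TIGHTENED_RULES" | audit_forward_rules
```

The MASQUERADE line is skipped because it is not a FORWARD ACCEPT rule; only the two forwarding rules are audited.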

