On 26/05/10 09:54, Bob Goodwin wrote:
> On 26/05/10 04:09, Tim wrote:
>> On Tue, 2010-05-25 at 16:19 -0700, Rick Stevens wrote:
>>> If you want to log ALL new connections from box6 (remember that the
>>> "-s" bit is specifying connections coming FROM box6), use the "-I"
>>> version.
>> Yes, and you certainly want any logging rules before any ignoring rules,
>> because not only will such connections be ignored (not connecting),
>> they'll never get logged, either.
>>
>> On the other hand, if you want to log things that got past your
>> firewall, then you do want logging rules set after firewall rules.
>>
>
> Well then if line location is important what I need is to be able to
> add/modify the iptables file with a text editor, not via some
> command. What is the name of the file I need to work on?
>
> I'll look for it, see what I can find.
>
> Thanks.
>
> Bob
>

less /etc/sysconfig/iptables

Produces the following. Is this the file I need to work on? It looks
"simpler" than I expected but I am admonished not to "customize" it
manually?

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 631 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 631 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 631 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 2049 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 2049 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 5060 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 8000:8005 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 5198:5200 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
~
~
~

Bob
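
Added example, not part of the original thread: a small Python check of the ordering point discussed above, run over a file in the same format as /etc/sysconfig/iptables. It flags LOG rules that can never fire because they sit after a catch-all ACCEPT/DROP/REJECT in the same chain. The sample ruleset, the log prefixes and the address 192.0.2.6 (standing in for "box6") are constructed for illustration.

```python
import shlex

TERMINATING = {"ACCEPT", "DROP", "REJECT"}

# Constructed sample in iptables-save format, modelled on the file in the post.
# 192.0.2.6 is a placeholder address standing in for "box6".
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 192.0.2.6 -m state --state NEW -j LOG --log-prefix "box6-top: "
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 192.0.2.6 -m state --state NEW -j LOG --log-prefix "box6-end: "
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def parse_rule(line):
    """Return (chain, target, has_match) for an '-A' line, else None."""
    if not line.startswith("-A "):
        return None
    tok = shlex.split(line)
    jump = tok.index("-j") if "-j" in tok else None
    target = tok[jump + 1] if jump is not None else None
    # Anything between the chain name and -j is a match condition.
    return tok[1], target, jump is not None and jump > 2

def audit_log_rules(text):
    """Map each LOG rule to True (can fire) or False (after a catch-all)."""
    closed = set()   # chains where an unconditional terminating rule was seen
    result = {}
    for line in text.splitlines():
        line = line.strip()
        parsed = parse_rule(line)
        if parsed is None:
            continue
        chain, target, has_match = parsed
        if target == "LOG":
            result[line] = chain not in closed
        elif target in TERMINATING and not has_match:
            closed.add(chain)
    return result

if __name__ == "__main__":
    for rule, live in audit_log_rules(SAMPLE).items():
        print("OK  " if live else "DEAD", rule)
```

The check only catches LOG rules placed after an unconditional terminating rule; a LOG rule placed after a conditional ACCEPT still fires, but only for packets that earlier rule did not match.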