0
i use fedora 13, and i have firewall turned off now.
but i want to allow all incoming connections and outgoing connections except to a port P. i want to allow connection to port P only from certain ip address : A.B.C.D/24 and X.Y.Z.Z
how do i set this up? it is a remote server, and i do not have X installed so i cannot use apps like firestarter.
kevin
Posted 2010-08-22T04:47:04.083
Reputation: 1
0
After putting the appropriate iptables rules in place, you can run service iptables save to save the in-memory rules to a file that will be loaded each time the iptables service is started.
Don't forget to run chkconfig iptables on after so that the service actually starts each time.
Ignacio Vazquez-Abrams
Posted 2010-08-22T04:47:04.083
Reputation: 100 516
0
My two cents:
If you are talking about a port, this is already above the IP level, it's either tcp/udp. Iptables rules that contain a port number and no explicit tcp or udp argument will fail AFAIK. Investigate more the service that runs on that port to find out if it uses tcp or udp. If you need both tcp and udp, you will need to have duplicate rules for both tcp and udp.
To be honest, your question looks amateurish. Not because you don't know what to do, this is normal. Because of the way it is asked.
vtest
Posted 2010-08-22T04:47:04.083
Reputation: 4 424
0
Try:
# First, let's make a list of allowed sources
iptables -N restricted_port
iptables -A restricted_port -s A.B.C.D/24 -j ACCEPT
iptables -A restricted_port -s X.Y.Z.Z -j ACCEPT
# And REJECT other sources (or DROP, if you prefer)
iptables -A restricted_port -j REJECT
# Now, we intercept TCP/UDP accesses to port $P
iptables -A INPUT -p tcp --dport $P -g restricted_port
iptables -A INPUT -p udp --dport $P -g restricted_port
# Other incoming are okay
iptables -A INPUT -j ACCEPT
Save the rules with service iptables save
pepoluan
Posted 2010-08-22T04:47:04.083
Reputation: 962
Coming from a BSD pf background I find the iptables really hard to understand and obscure. But, I just want to recommend to you the fwbuilder software which takes the drudgery out of it. – Matt H – 2011-03-10T12:47:42.923