iptables in Fedora Core 5
hi all,
well, I have prepared a simple web server running Apache and I am interested in setting up a firewall which will block all outside access to this server except for port 80 traffic. Can anybody help me with this setup? I will really appreciate it. Thanks in advance.
What help do you need? Do you need the iptables script?
You could use something like this:
    iptables -A INPUT -p tcp --dport 80 -j ACCEPT
    iptables -A INPUT -j REJECT
You may want to rethink using FC5 as a web server. It has not had any updates (of any kind) for a few years. Fedora is currently on Fedora 10 (just to give you an idea how far behind you are). You may want to consider CentOS 5 instead. CentOS is RHEL (Red Hat Enterprise Linux) with the logos removed. It is free to download/update (unlike RHEL) and has a five-year support life (as opposed to Fedora's 13-month support life). CentOS 5 was based on FC6, so it will "feel" reasonably close to FC5.
Thanks for the input. Basically, if there are any scripts it would help a lot, because I don't know iptables and ipchains so well; I mean I can work with them, but I am not an expert.
Also, I'll try downloading CentOS 5.2, which is the latest release, and in the meantime if anyone can help me build an iptables/ipchains firewall it would be great. Previously I had used arno-iptables-firewall, but in that scenario I was doing NAT and was using the machine as a gateway for a small workgroup. In this case there is no NAT and no gateway, just a simple firewall to block all outside access except for port 80, which is the web server. Thanks in advance.
Try the two iptables commands that I gave in the previous post (#2) and see if they are what you need. You do not say much and do not give information on what you have tried.
On the basis of what you have said, those two will deny access to all the ports other than 80. You could add another line to make the default policy for the INPUT chain DROP:
    iptables -P INPUT DROP
It will. You will need to open the ssh port either through tcpwrappers or iptables.
If you want the ssh port to be open for your machine you will need to add another rule:
    iptables -A INPUT -s youripaddress --dport 22 -j ACCEPT
or you can add a line in /etc/hosts.allow:
    sshd: <youripaddress>
Edit: But make sure that you insert all the rules before DROP. Otherwise they won't work.
Quote:
    Bad argument `22'
    Try `iptables -h' or 'iptables --help' for more information.
I have put the entries in the hosts.allow file and also did the port 80 rule using iptables, but another small question: won't I have to restart some services in order to get the new iptables rules to work, or will they automatically become active?
No, they won't automatically reload new rules. You will need to save the new rules and reload iptables. See man iptables for more information.
I forgot one parameter there: -d yourserveraddress.
    iptables -A INPUT -s youripaddress -d yourserveraddress --dport 22 -j ACCEPT
You may want to have a look at the following link: http://iptables-tutorial.frozentux.n...-tutorial.html - it has been a while since I looked at it, but I remember it came in handy in the past.
    iptables v1.3.5: Unknown arg `--dport'
    Try `iptables -h' or 'iptables --help' for more information
Same error message... :S Also, these iptables rules will not stop this machine from communicating with other machines, e.g. DNS queries on port 53, will they?
man iptables is what you need. By default you should not have problems contacting your DNS.
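Pulling the pieces of this thread together, here is an added example script; it is not code posted by anyone in the thread and not the script linked below. It prints the ruleset the thread arrives at (HTTP from anywhere, ssh only from your own address and only to the server's address, default policy DROP), but with the "-p tcp" that --dport requires, which is the option missing from the commands that produced "Unknown arg `--dport'". It also adds an ESTABLISHED,RELATED rule: once the INPUT policy is DROP, replies to the server's own DNS queries on port 53 would otherwise be dropped, so this is the conservative answer to the DNS question above. The addresses 203.0.113.10 and 198.51.100.20 are documentation placeholders, and build_rules, check_rules and apply_rules are names chosen for this example. Persistence uses "service iptables save", the init-script action on FC5/CentOS 5 that writes the live rules to /etc/sysconfig/iptables.

```shell
#!/bin/sh
# Added example, not code from the thread. Builds the host firewall the thread
# converges on (accept HTTP from anywhere, ssh only from the admin host, drop
# the rest), checks the common mistakes, and shows how to persist it.
# The two addresses are placeholders from the RFC 5737 documentation ranges.
ADMIN_IP="${ADMIN_IP:-203.0.113.10}"     # where you ssh in from
SERVER_IP="${SERVER_IP:-198.51.100.20}"  # the web server's own address

# Print the ruleset in the order it must be applied. "--dport" is a TCP/UDP
# match, so every rule that uses it carries "-p tcp"; that missing option is
# what produces "Unknown arg `--dport'". The ESTABLISHED,RELATED rule is what
# lets replies to the server's own outbound traffic (DNS on 53, yum updates)
# back in once the INPUT policy is DROP.
build_rules() {
    admin="$1"
    server="$2"
    cat <<EOF
iptables -F INPUT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp -s $admin -d $server --dport 22 -m state --state NEW -j ACCEPT
iptables -A INPUT -p tcp -d $server --dport 80 -m state --state NEW -j ACCEPT
iptables -P INPUT DROP
EOF
}

# Read a ruleset on stdin and reject the two mistakes seen in the thread:
#  1. --dport/--sport without "-p tcp" or "-p udp";
#  2. an INPUT rule appended after a catch-all "-j DROP"/"-j REJECT" or after
#     the DROP policy line, i.e. a rule that violates "insert all the rules
#     before DROP". (A -P policy is not itself a rule, but it is conventionally
#     the last line so every ACCEPT is in place before the default flips.)
check_rules() {
    policy_seen=0
    while IFS= read -r line; do
        case "$line" in
            *--dport*|*--sport*)
                case "$line" in
                    *" -p tcp"*|*" -p udp"*) ;;
                    *) echo "missing -p tcp/udp: $line" >&2; return 1 ;;
                esac ;;
        esac
        case "$line" in
            *"-A INPUT -j DROP"*|*"-A INPUT -j REJECT"*|*"-P INPUT DROP"*)
                policy_seen=1 ;;
            *"-A INPUT"*)
                if [ "$policy_seen" -ne 0 ]; then
                    echo "rule after catch-all/DROP, never reached: $line" >&2
                    return 1
                fi ;;
        esac
    done
    return 0
}

# Apply on the server itself (root required) and persist. FC5 and CentOS 5 use
# the iptables init script: "service iptables save" writes the live ruleset to
# /etc/sysconfig/iptables, which is what is restored at boot.
apply_rules() {
    if [ "$(id -u)" -ne 0 ]; then
        echo "apply_rules must run as root" >&2
        return 1
    fi
    build_rules "$ADMIN_IP" "$SERVER_IP" | check_rules || return 1
    build_rules "$ADMIN_IP" "$SERVER_IP" | sh -e
    service iptables save
}

case "${1:-}" in
    --apply) apply_rules ;;
    *)       build_rules "$ADMIN_IP" "$SERVER_IP" ;;   # dry run: just print
esac
```

Run it without arguments first to review the generated rules; run it as root with --apply on the server, from a console rather than over ssh the first time, so a typo in ADMIN_IP cannot lock you out.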
See the man page for iptables for why the --dport option is giving an error.
Edit: This script will do what you want. It allows ssh traffic but denies everything else, so you will need to edit it to allow port 80 as well. http://www.cyberciti.biz/tips/linux-...allow-ssh.html