LinuxQuestions.org

Swakoo 07-25-2006 04:09 AM

How do I append to iptables?
 
I am using Redhat (RHEL) and usually edit the file /etc/sysconfig/iptables to manually input entries.

I'm sure that's not a good practice... but I tried entering the following at the prompt, but when I view the iptables file, the entries aren't there... Is there a 'proper' way of doing it? Or should I just append the file manually?

Quote:

iptables -A INPUT -f -j ACCEPT -s ip.pc.client
iptables -A INPUT -s ip.pc.client -d 0/0 4000:4003 -p 6 -j ACCEPT
iptables -A INPUT -s ip.pc.client -d 0/0 4000:4003 -p 17 -j ACCEPT
iptables -A INPUT -s ip.pc.client -d 0/0 2049 -p 17 -j ACCEPT
iptables -A INPUT -s ip.pc.client -d 0/0 2049 -p 6 -j ACCEPT
iptables -A INPUT -s ip.pc.client -d 0/0 111 -p 6 -j ACCEPT
iptables -A INPUT -s ip.pc.client -d 0/0 111 -p 17 -j ACCEPT
iptables -A INPUT -s 0/0 -d 0/0 -p 6 -j DENY --syn --log-level 5
iptables -A INPUT -s 0/0 -d 0/0 -p 17 -j DENY --log-level 5

Thanks!

PS: I am reading this site, that's why: http://www.ba.infn.it/calcolo/docume....html#Firewall

cdhgee 07-25-2006 04:58 AM

No, don't append the file manually. This is a much better way to do it:

Step 1. Dump the iptables rules to a file:

Code:

iptables-save > firewall-config.txt

Step 2. Edit the file you've just exported to as required, adding/amending/deleting rules as required.

Step 3. Load the new rules:

Code:

iptables-restore < firewall-config.txt

Step 4. Check that everything works as expected. If it does, flush the rules:

Code:

service iptables save

If things aren't working as expected, revert to the previous ruleset:

Code:

service iptables restart

Regards
David
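
Added example, not part of cdhgee's post: step 2 of the procedure above done by a script instead of by hand, going slightly beyond it by placing new INPUT rules ahead of an unconditional DROP/REJECT rule so they can still match. The function names `add_input_rules` and `sample_dump`, the sample dump and the client address 192.0.2.10 are assumptions made for illustration; ports 2049 and 111 are the ones from the question.

```shell
#!/bin/sh
# Added example: edit an iptables-save dump with a script, then validate it.

# add_input_rules DUMP RULE...
# Print DUMP with each RULE placed in the *filter table ahead of the first
# unconditional "-A INPUT -j DROP/REJECT" rule, or ahead of COMMIT if there is
# none. Returns non-zero if the dump has no *filter table to edit.
add_input_rules() {
    [ "$#" -ge 2 ] || return 2
    dump=$1; shift
    RULES=$(printf '%s\n' "$@") awk '
        /^\*/ { in_filter = ($0 == "*filter") }
        in_filter && !done &&
          ($0 == "COMMIT" || $0 ~ /^-A INPUT -j (DROP|REJECT)( |$)/) {
            print ENVIRON["RULES"]; done = 1
        }
        { print }
        END { exit (done ? 0 : 1) }
    ' "$dump"
}

# Constructed sample in iptables-save format (not taken from a real host).
sample_dump() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Demo: 192.0.2.10 stands in for the NFS client (placeholder address).
# Nothing here touches the running firewall; it only rewrites a text file.
work=$(mktemp -d)
sample_dump > "$work/firewall-config.txt"
add_input_rules "$work/firewall-config.txt" \
    '-A INPUT -s 192.0.2.10 -p tcp -m tcp --dport 2049 -j ACCEPT' \
    '-A INPUT -s 192.0.2.10 -p udp -m udp --dport 111 -j ACCEPT' \
    > "$work/firewall-config.new" && cat "$work/firewall-config.new"
# On the firewall host, as root: iptables-restore --test < firewall-config.new
# parses the file without committing it; load it for real only if that succeeds.
```

Rules typed with `iptables -A` change only the running ruleset, which is why they never show up in /etc/sysconfig/iptables until the ruleset is saved.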

drokmed 07-26-2006 09:22 AM

If you are new to managing iptables (like me), there are plenty of nice GUI tools out there to assist.

Firewall Builder from www.fwbuilder.org is an example of an excellent GUI tool. It certainly makes my life easier...

Swakoo 07-26-2006 10:09 PM

Woah, OK, thanks guys!

But... if I am looking to set it for NFS setup... you guys reckon where I should look for newer information? The above example was from the article...

I've been reading up some online, but it doesn't work fully, and I have problems even getting the NFS lock manager to fix port, let alone getting the iptables to work..


All times are GMT -5.