iptables trusted host

msrinath80 · 08-12-2004, 03:37 PM

Hi,

I have 2 GNU/Linux workstations here both of which are permanently connected to the internet. I want to ensure that the two trust each other for all port exchanges between them and reject (use predefined filters) for all outside connections.

How would I ensure that the two trust each other for all connections, specifically what line would I need to add in /etc/sysconfig/iptables assuming I know the IP address(es) that are to be trusted.

Thank you for your time!

Obie · 08-12-2004, 03:42 PM

You can define iptables to accept all protocols and only allow the source and destination address for those protocols limited to your ip range.

#For outgoing appending
iptables -A OUTPUT -p all -source Local_PC_IP -d Remote_PC-IP -j ACCEPT

#For incoming appending
iptables -A INPUT -p all -source Local_PC_IP -d Remote_PC-IP -j ACCEPT

This example is rather simplistic and you can define more rules.

barisdemiray · 08-12-2004, 04:34 PM

Quote:

Originally posted by Obie

#For outgoing appending
iptables -A OUTPUT -p all -source Local_PC_IP -d Remote_PC-IP -j ACCEPT

#For incoming appending
iptables -A INPUT -p all -source Local_PC_IP -d Remote_PC-IP -j ACCEPT

I think the second one should be as

Code:

iptables -A INPUT -p all -source Remote_PC-IP -d Local_PC-IP -j ACCEPT

To allow other hosts packets in INPUT chain by setting --source as it's IP. And i think the rules below should also work..

Code:

iptables -I INPUT --source OTHER_ONE -j ACCEPT
iptables -I OUTPUT --destination OTHER_ONE -j ACCEPT

Easier to maintain

Obie · 08-12-2004, 06:20 PM

quote
---------------------------------
iptables -A INPUT -p all -source Remote_PC-IP -d Local_PC-IP -j ACCEPT
---------------------------------

Sorry I agree. My mistake :-)

msrinath80 · 08-14-2004, 06:57 PM

Hi guys,

Thanks a lot. This is what I did:

-I INPUT --source ip_address_here -j ACCEPT
-I OUTPUT --destination ip_address_here -j ACCEPT

AND IT WORKED

Thanks!