LinuxQuestions.org
Old 07-25-2006, 05:09 AM   #1
Swakoo
Member
 
Registered: Apr 2005
Distribution: Red Hat / Fedora / CentOS
Posts: 508

Rep: Reputation: 30
How do I append to iptables?


I am using Red Hat (RHEL) and usually edit the file /etc/sysconfig/iptables to manually input entries.

I'm sure that's not a good practice... but I tried entering the following at the prompt, but when I view the iptables file, the entries aren't there... Is there a 'proper' way of doing it? Or should I just append the file manually?

Quote:
iptables -A INPUT -f -j ACCEPT -s ip.pc.client
iptables -A INPUT -s ip.pc.client -d 0/0 4000:4003 -p 6 -j ACCEPT
iptables -A INPUT -s ip.pc.client -d 0/0 4000:4003 -p 17 -j ACCEPT
iptables -A INPUT -s ip.pc.client -d 0/0 2049 -p 17 -j ACCEPT
iptables -A INPUT -s ip.pc.client -d 0/0 2049 -p 6 -j ACCEPT
iptables -A INPUT -s ip.pc.client -d 0/0 111 -p 6 -j ACCEPT
iptables -A INPUT -s ip.pc.client -d 0/0 111 -p 17 -j ACCEPT
iptables -A INPUT -s 0/0 -d 0/0 -p 6 -j DENY --syn --log-level 5
iptables -A INPUT -s 0/0 -d 0/0 -p 17 -j DENY --log-level 5
Thanks!

PS: I am reading this site, that's why: http://www.ba.infn.it/calcolo/docume....html#Firewall

Last edited by Swakoo; 07-25-2006 at 05:22 AM.
 
Old 07-25-2006, 05:58 AM   #2
cdhgee
Member
 
Registered: Oct 2003
Location: St Paul, MN
Distribution: Fedora 8, Fedora 9
Posts: 513

Rep: Reputation: 30
No, don't append the file manually. This is a much better way to do it:

Step 1. Dump the iptables rules to a file:

Code:
iptables-save > firewall-config.txt
Step 2. Edit the file you've just exported as required, adding/amending/deleting rules as needed.

Step 3. Load the new rules:

Code:
iptables-restore < firewall-config.txt
Step 4. Check that everything works as expected. If it does, flush the rules:

Code:
service iptables save
If things aren't working as expected, revert to the previous ruleset:

Code:
service iptables restart
Regards
David
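
The dump, edit, load sequence from the post above as a script, with a parse check before the load. This is an added example, not code from the thread; the function names, the sample dump and the 192.0.2.10 client address are constructed, and the live path assumes an iptables-restore that supports --test.

```shell
#!/bin/sh
# Constructed sample rule: allow NFS (TCP 2049) from one client address.
NFS_RULE='-A INPUT -s 192.0.2.10 -p tcp -m tcp --dport 2049 -j ACCEPT'

# Constructed stand-in for `iptables-save` output, so insert_rule can be tried offline.
write_sample_dump() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# insert_rule DUMP TABLE RULE
# Prints DUMP with RULE added just before TABLE's COMMIT line, which is the
# position `iptables -A` would give it. Fails if TABLE is not in the dump.
insert_rule() {
    TABLE="*$2" RULE="$3" awk '
        /^\*/ { in_table = ($0 == ENVIRON["TABLE"]) }
        in_table && $0 == "COMMIT" { print ENVIRON["RULE"]; added = 1 }
        { print }
        END { exit !added }
    ' "$1"
}

# stage_and_load RULE (run as root): steps 1-3 of the post. The edited dump is
# parsed with --test first, so a typo leaves the running ruleset untouched.
stage_and_load() {
    live=$(mktemp) && new=$(mktemp) || return 1
    iptables-save > "$live" || return 1
    insert_rule "$live" filter "$1" > "$new" || return 1
    iptables-restore --test < "$new" || {
        echo "edited dump rejected; running rules unchanged" >&2; return 1; }
    iptables-restore < "$new" || return 1
    # Nothing is written to /etc/sysconfig/iptables until `service iptables save`
    # (step 4 of the post); `service iptables restart` reloads the saved file.
    echo "loaded; previous ruleset kept in $live"
}
```

Rules are evaluated in order, so a rule added at the end of a chain has no effect if an earlier rule in that chain already rejects or drops the same traffic; in that case edit the dump by hand and place the line above the catch-all.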
 
Old 07-26-2006, 10:22 AM   #3
drokmed
Member
 
Registered: Dec 2005
Location: St Petersburg, FL, USA
Posts: 220

Rep: Reputation: 31
If you are new to managing iptables (like me), there are plenty of nice GUI tools out there to assist.

Firewall Builder from www.fwbuilder.org is an example of an excellent GUI tool. It certainly makes my life easier...
 
Old 07-26-2006, 11:09 PM   #4
Swakoo
Member
 
Registered: Apr 2005
Distribution: Red Hat / Fedora / CentOS
Posts: 508

Original Poster
Rep: Reputation: 30
Woah, OK, thanks guys!

But... if I am looking to set it for NFS setup... you guys reckon where I should look for newer information? The above example was from the article...

I've been reading up some online, but it doesn't work fully, and I have problems even getting the NFS lock manager to fix port, let alone getting the iptables to work..
 
  

