IP Tables -- could anyone guide me?

xyleo · 04-04-2006, 01:00 AM

Dear Fan's of Linux,

I am new to these IP Tables, could anyone help me on how to manipulate

Currently i wanted to add in a rules for a particular IP segment only to be accessible to the local machine. does any one know how to do so.

Thanking a million..

visitashu · 04-04-2006, 01:18 AM

hi...
u can set rules to whatever souces u want to debar from ur server machine.
#iptables -A INPUT -s 192.168.a.b -d 192.168.x.y -p tcp --dport 23 -j DROP

now this command 'll stop TELNET service from machine a.b to ur machine x.y
#sysctl -p
n c the net.ipv4.ip_forward=0 line //by default
set this to 1
what ever rules u set at this stage gets written to /etc/sysconfig/iptables
which by default is empty
also edit /etc/sysconfig/iptables-config enables YES to service u need
then start ur IPTABLE service in runlevels 235
check out n reply if this works

JakeX · 04-04-2006, 12:48 PM

I found a great firewall script you could work off of here:
http://www.linuxquestions.org/questi...d.php?t=430360

Enjoy, I use it as my base setup for other linux boxes, works well, just need to customize for your particular setup.

win32sux · 04-05-2006, 02:52 AM

if what you want is to make it so that the box only has access to a certain subnet then you want to use the OUTPUT chain, not the INPUT chain... example:

Code:

iptables -P OUTPUT DROP

iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -A OUTPUT -o lo -j ACCEPT

iptables -A OUTPUT -d 192.168.1.0/24 -m state --state NEW -j ACCEPT

in the above example, the box would only be allowed to make connections to subnet 192.168.1.0/24...

you could also use a simpler way which doesn't use packet state filtering:

Code:

iptables -P OUTPUT DROP

iptables -A OUTPUT -d 192.168.1.0/24 -j ACCEPT

iptables -A OUTPUT -o lo -j ACCEPT