If you remove the --dport 2211 from the above rule, the firewall should allow all traffic from the 58.68.21.67 machine through.
-A RH-Firewall-1-INPUT -s 58.68.21.67 -p tcp -m state --state NEW -m tcp -j ACCEPT
Off the top of my head, to allow network traffic to pass for an entire domain, I would use:
-A RH-Firewall-1-INPUT -s 58.0.0.0/255.0.0.0 -p tcp -m state --state NEW -m tcp -j ACCEPT
You may need to adjust the -s 58.0.0.0/255.0.0.0 based on your network configuration.
Also, I would not recommend using firewall rules that allow all traffic to your machine from the domain in this manner. In my opinion, this could leave a lot of services unprotected if a hacker were to spoof an IP address on your network. I would recommend specifying the ports for the services you want people to access. I can try to give you a hand with this if you want.
HTH
Last edited by shaticus; 11-01-2011 at 12:33 PM.
Reason: reworded post
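
One way to find rules like the two quoted above in an existing ruleset, as an added example that is not part of the original post: a shell function that scans rules in iptables-save format and reports every ACCEPT rule that matches a source address but names no destination port. The sample ruleset is constructed (its port 2211 rule is the post's rule with the --dport it mentions put back, position assumed), and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample in iptables-save format. Lines 5 and 6 are the two
# port-less rules from the post; line 4 is the same rule with the
# --dport 2211 the post mentions restored (its position is an assumption).
sample_rules() {
cat <<'EOF'
*filter
:RH-Firewall-1-INPUT - [0:0]
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -s 58.68.21.67 -p tcp -m state --state NEW -m tcp --dport 2211 -j ACCEPT
-A RH-Firewall-1-INPUT -s 58.68.21.67 -p tcp -m state --state NEW -m tcp -j ACCEPT
-A RH-Firewall-1-INPUT -s 58.0.0.0/255.0.0.0 -p tcp -m state --state NEW -m tcp -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Report ACCEPT rules that trust a source address on every port.
# Reads iptables-save output from the named files, or stdin if none given.
audit_portless_accepts() {
    awk '
    /^-A / {
        src = ""; proto = ""; target = ""; has_port = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "-s" || $i == "--source")   src    = $(i + 1)
            if ($i == "-p" || $i == "--protocol") proto  = $(i + 1)
            if ($i == "-j" || $i == "--jump")     target = $(i + 1)
            # Single-port and multiport destination matches both count.
            if ($i ~ /^--(dports?|destination-ports?)$/) has_port = 1
        }
        if (proto == "") proto = "all"   # no -p means every protocol
        if (target == "ACCEPT" && src != "" && !has_port &&
            proto ~ /^(tcp|udp|all)$/)
            printf "line %d: source %s proto %s: ACCEPT without --dport\n",
                   NR, src, proto
    }' "$@"
}

# Stand-alone run against the constructed sample.
sample_rules | audit_portless_accepts
```

On a live system the same function can be fed from `iptables-save` or pointed at the saved rules file.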