iptables (Pete's notes)

When I installed Red Hat Fedora Core 2, ipchains came turned on. I later had to modify the /etc/sysconfig/iptables file to allow more access. After modifying the file, do
/etc/init.d/iptables restart
I have an example iptables config from Jeff Kuehn. Here are the contents of my file:
# Firewall configuration written by redhat-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
#
######## Allow any packets on the local interface (127.0.0.1)
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
######## Allow packets that connection tracking marks as part of, or related to, an established connection
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#
######## Allow HTTP packets.
-A RH-Firewall-1-INPUT -p tcp --dport 80 -j ACCEPT
######## Allow ICMP packets
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
######## Allow NTP packets.
-A RH-Firewall-1-INPUT -p udp --dport 123 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp --dport 123 -j ACCEPT
######## Allow SNMP request and SNMP trap packets.
-A RH-Firewall-1-INPUT -p udp --dport 161 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 162 -j ACCEPT
######## Allow SNMP response packets. This matches any UDP packet with source port 161, whatever its sender or destination port.
-A RH-Firewall-1-INPUT -p udp --sport 161 -j ACCEPT
######## Allow SSH packets.
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
#
######## Reject everything else.
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
#
#-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
#-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
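
An added example, not part of the original notes: a small Python check over a file in this format that flags ACCEPT rules matching on source port alone (like the --sport 161 rule above) or on every ICMP type. The finding names and the embedded sample (a constructed subset of the rules above) are assumptions of this example.

```python
import shlex

# Constructed sample: a subset of the rules in the file above.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 161 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --sport 161 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def parse_rules(text):
    """Yield (line_number, chain, options) for every '-A' line."""
    for n, line in enumerate(text.splitlines(), 1):
        tok = shlex.split(line, comments=True)  # '#' lines become []
        if len(tok) < 2 or tok[0] != "-A":
            continue
        opts, key = {}, None
        for t in tok[2:]:
            if t.startswith("-"):
                key = t
                opts.setdefault(key, [])
            elif key:
                opts[key].append(t)
        yield n, tok[1], opts

def audit(text):
    """Return (line_number, finding) pairs for overly broad ACCEPT rules."""
    findings = []
    for n, _chain, o in parse_rules(text):
        if o.get("-j") != ["ACCEPT"]:
            continue
        scoped = any(k in o for k in ("-s", "--source", "-i"))
        has_sport = "--sport" in o or "--source-port" in o
        has_dport = "--dport" in o or "--destination-port" in o
        # The sender chooses the source port, so this admits traffic to any port.
        if has_sport and not has_dport and not scoped:
            findings.append((n, "sport-only"))
        if o.get("-p") == ["icmp"] and o.get("--icmp-type", ["any"]) == ["any"]:
            findings.append((n, "all-icmp"))
    return findings

if __name__ == "__main__":
    for lineno, finding in audit(SAMPLE):
        print(f"line {lineno}: {finding}")
```

Restricting the SNMP response rule to the polled devices' addresses with -s clears the first finding; the ESTABLISHED,RELATED rule does not cover these replies unless the outgoing request was tracked.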
    

Pete Siemsen
Last modified: Tue Aug 23 09:38:15 MDT 2005