Re: Use iptables to accept packets from IP

tony.chamberlain@xxxxxxxxx wrote on Thursday 09 August 2007:

> I read a bit about how you can drop packets with iptables.
> I was wondering whether you could do just the opposite,
> use iptables to specify only the IPs you will accept from?

Of course you can.

iptables -P INPUT DROP
iptables -A INPUT -s <trusted_ip_here> -j ACCEPT

This scenario (accepting only specific IP packets) is more secure but also 
more difficult to set up. The above example sets the default policy for 
incoming IP packets to DROP, unless you define a rule (in this example 
the second one) which allows them in.

Read this: 
http://www.netfilter.org/documentation/HOWTO/packet-filtering-HOWTO.html

> We can't use firewalls, and I don't understand selinux well enough
> to know if it will do what we want. We can't really use VPN either.

I suppose you are mixing things up.

A firewall is a dedicated computer which filters packets between the 
internet and the local net. Some people call a packet filter 
a "firewall".
SELinux is a security patch for the Linux kernel whose main purpose is to 
restrict applications' privileges beyond the simple owner/group/other 
scheme.
VPN stands for Virtual Private Network and stands for a secure tunnel 
between two (trusted) local nets over the internet. There are several 
implementations of it, e.g. OpenVPN, IPSec, SSH-IP-Tunneling...

All three terms are related but independent.

-- 
Bye,
Adalbert

A right is not what someone gives you; it's what no one can take from 
you. -- Ramsey Clark
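
The allowlist described in the message above, as an added example that is not part of the original post: a shell function that validates the trusted sources and prints the whole ruleset in iptables-restore format, so the DROP policy and the ACCEPT rules are loaded in one step. The function names, the sample addresses and the extra loopback and ESTABLISHED,RELATED rules are assumptions that go beyond the two commands in the message.

```shell
#!/bin/sh
# Added example: emit an INPUT allowlist in iptables-restore format.
# Load atomically with:  build_allowlist <src>... | iptables-restore
# (add --test to parse the rules without committing them).

# Succeed if $1 is a dotted-quad IPv4 address with an optional /0-32 prefix.
is_ipv4() {
    addr=${1%%/*}
    case $1 in */*) prefix=${1#*/} ;; *) prefix=32 ;; esac
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split into octets; digits and dots only, so no globbing
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the ruleset; print nothing and fail if any source is malformed.
build_allowlist() {
    for src in "$@"; do
        is_ipv4 "$src" || { echo "invalid source: $src" >&2; return 1; }
    done
    echo '*filter'
    echo ':INPUT DROP [0:0]'        # default policy, as in the message
    echo ':FORWARD ACCEPT [0:0]'    # left at the kernel default
    echo ':OUTPUT ACCEPT [0:0]'     # left at the kernel default
    # Assumption beyond the message: keep loopback and reply traffic working.
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for src in "$@"; do
        echo "-A INPUT -s $src -j ACCEPT"
    done
    echo 'COMMIT'
}

# Constructed sources from the RFC 5737 documentation ranges.
build_allowlist 192.0.2.10 198.51.100.0/24
```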
