Hello,

I would like to add new default iptables to my kickstart machines that allow all connections within our subnet and drop everything else.

Our subnet is: 130.237.230.xxx/255.255.255.128

Any thoughts on how best to do this? I would like a default drop of everything from outside the subnet and accept from within.

I am considering installing a shell script in %post like this:

Pull down a file called firewall_rules, which is:

    #!/bin/bash
    service iptables stop
    iptables -F
    iptables -A INPUT -m limit -j LOG
    iptables -A OUTPUT -m limit -j LOG
    #let loopback work
    iptables -A INPUT -s 127.000.000.000 accept
    #here is where I would like to drop all outside packets
    iptables -A INPUT -s 130.237.230.xxx/25 (is this correct for 255.255.255.128?)
    #and what is the best way to drop everything else?
    service iptables save

Then have it run in firstboot and delete itself:

    cat > /etc/init.d/firstboot <<EOF
    /root/firewall_rules
    chkconfig --add iptables
    rm -rf /etc/init.d/firstboot /etc/rc5.d/S999firstboot
    EOF
    chmod 755 /etc/init.d/firstboot
    ln -s /etc/init.d/firstboot /etc/rc5.d/S999firstboot

I need help with the iptables commands themselves in the firewall_rules, i.e. the proper order they should run, and the actual commands.

I have chosen this way of doing everything in firewall_rules so that in the future, if I want to change it, I can edit the file and run ./firewall_rules

Any ideas, thoughts, help?

Thanks,
Scott
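
An added example, not part of the original post: one way to write the default-drop policy asked about above, generated as an iptables-restore ruleset so the rule order is explicit and the netmask-to-prefix question is checked in code. The helper names mask_to_prefix and build_rules are hypothetical, 192.0.2.0 is a placeholder because the post elides the network address, and the ESTABLISHED,RELATED rule and the FORWARD DROP policy are assumptions (replies to the host's own outbound connections are wanted, and the host is not a router).

```shell
#!/bin/sh
# Added example (not from the original post). mask_to_prefix and build_rules
# are hypothetical helper names.

# Convert a dotted netmask to a prefix length; fail on malformed or
# non-contiguous masks. The ( ) body runs in a subshell, so the caller's IFS
# and positional parameters are untouched.
mask_to_prefix() (
    IFS=.; set -f
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    bits=0; partial=0
    for octet in "$@"; do
        case "$octet" in
            255) n=8 ;; 254) n=7 ;; 252) n=6 ;; 248) n=5 ;; 240) n=4 ;;
            224) n=3 ;; 192) n=2 ;; 128) n=1 ;; 0) n=0 ;;
            *) exit 1 ;;
        esac
        # Once an octet is not 255, every later octet must be 0.
        if [ "$partial" -eq 1 ] && [ "$n" -ne 0 ]; then exit 1; fi
        [ "$n" -eq 8 ] || partial=1
        bits=$((bits + n))
    done
    echo "$bits"
)

# Print an iptables-restore ruleset. Order matters: the chain policy is the
# final verdict, so ACCEPT rules come first and the LOG rule sits last, where
# it only sees packets that are about to be dropped.
build_rules() (
    prefix=$(mask_to_prefix "$2") || exit 1
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s $1/$prefix -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT drop: "
COMMIT
EOF
)

# Usage as root (192.0.2.0 is a placeholder network address):
#   build_rules 192.0.2.0 255.255.255.128 | iptables-restore && service iptables save
```

Loading through iptables-restore replaces the filter table in one step, so there is no window between a flush and the new rules in which the host is unfiltered.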