newbie question

Hello, I hope this is not too simple to post. I have not quite got
iptables use down.

I am looking at setting up local firewalls on  a cluster of machines
(almost 100 linux boxes running RH 7.3 and 8.0).  The login nodes for
the cluster have extensive hardware based firewalling rules.  

On the rest of the cluster I would like to set iptables to accept
everything within the subnet and drop anything from an outside
address.

My thought for setting the rules on each machine is to push out and
run a bash script.
Is it possible to simply set up a firewall with something as simple as:


#!/bin/bash
#
# Stop the service (this flushes the rules and resets the policies to
# ACCEPT), then flush again so the script is safe to re-run on its own.
service iptables stop

iptables -F

# Rate-limited logging of all traffic, accepted or not
# (-m limit defaults: 3/hour, burst 5).
iptables -A INPUT -m limit -j LOG
iptables -A OUTPUT -m limit -j LOG

# Loopback traffic comes from 127.0.0.1, which is outside the subnet,
# so it must be allowed explicitly or the DROP policy below will kill it.
iptables -A INPUT -i lo -j ACCEPT

# Accept everything from the cluster subnet (a target needs -j).
iptables -A INPUT -s 130.xxx.xxx.128/25 -j ACCEPT
# Rule here to drop all non 130.xxx.xxx.128/25 traffic. The INPUT policy
# below already does this for anything that matched no ACCEPT rule; an
# explicit final rule is equivalent.
iptables -A INPUT -j DROP

iptables -P FORWARD DROP
iptables -P INPUT DROP

service iptables save


We have a subnet of 130.xxx.xxx.128/255.255.255.128
How can I define a mandatory drop of everything not in
130.xxx.xxx.128/255.255.255.128?

Finally, what risks am I taking by doing this?  Other than if someone
hacks into one of the login nodes, I realize this would then give them
access to the rest of the cluster.

All thoughts, advice and suggestions very welcome.  Thank you in
advance.

Sincerely,
Scott Melnyk
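A worked version of the per-node script, added here as an example and not part of Scott's message or any reply. It converts the 255.255.255.128 mask form to /25, refuses the xxx placeholders, allows loopback and reply traffic (both fall outside the subnet and would otherwise be dropped by the INPUT policy), logs only what is about to be dropped with a rate limit, and loads the whole table atomically through iptables-restore rather than appending rules one by one. The sample subnet values and the IPT-DROP log prefix are assumptions.

```shell
#!/bin/bash
# Added example, not the original poster's script: builds one node's filter
# table in iptables-save format for a cluster subnet so it can be loaded
# atomically with iptables-restore (no window with a half-built chain).
# Assumes the subnet is given as CIDR or addr/dotted-mask and that loading
# runs as root on the node.
set -eu
# mask2prefix MASK: dotted netmask (255.255.255.128) -> prefix length (25).
# Counts set bits, so it assumes a contiguous mask.
mask2prefix() {
    bits=0
    for o in $(printf '%s' "$1" | tr . ' '); do
        n=$o
        while [ "$n" -gt 0 ]; do bits=$((bits + (n & 1))); n=$((n >> 1)); done
    done
    echo "$bits"
}
# to_cidr SUBNET: normalise addr/mask to addr/prefix; CIDR input passes through.
to_cidr() {
    case $1 in
        */*.*) echo "${1%/*}/$(mask2prefix "${1#*/}")" ;;
        *)     echo "$1" ;;
    esac
}
# valid_cidr SUBNET: rejects placeholders such as 130.xxx.xxx.128/25 and bad prefixes.
valid_cidr() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}
# gen_rules SUBNET: print the filter table. Loopback and reply traffic are not
# inside the subnet, so they need their own rules; the LOG sits just before DROP
# so the log shows only rejected traffic (useful for spotting scans from outside).
gen_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s $1 -j ACCEPT
-A INPUT -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "IPT-DROP: "
-A INPUT -j DROP
COMMIT
EOF
}
# Usage: SCRIPT SUBNET prints the table; pipe it into iptables-restore (as root) to load.
case "${1:-}" in
    ?*) s=$(to_cidr "$1"); valid_cidr "$s" || { echo "bad subnet: $1" >&2; exit 2; }
        gen_rules "$s" ;;
esac
```

Review the printed table first (`./fw.sh 130.x.y.128/255.255.255.128`), then load it with `./fw.sh 130.x.y.128/25 | iptables-restore` and `service iptables save` on each node.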
