On Thursday 2005-August-11 08:16, Ralph Blach wrote:
> I have a Fedora 3 core 86_64 box running with this rule set as
> generated by the fedora firewall bring up. Eth1 is a trusted

I haven't seen it recently, but I know that older versions of Fedora (and Red Hat) default firewalls are utterly useless. If you want to learn iptables yourself, fine; if not, look on freshmeat for something better. Just about anything you might find is probably better. At this time I don't have something specific I can recommend. Before I learned iptables I used MonMotha's, but that's too complicated for my liking.

> What rule set do I add so that ports on eth1 above 1024 will be
> accessible on eth1 and tftp will work?

Wrong question. Use stateful inspection as described in the Packet Filtering HOWTO. The ipchains-style approach of opening high ports is a terrible idea, completely unnecessary with iptables. I could answer your question, but I won't. It is documented in the manual, of course.

> Here is the rule set
> /etc/rc.d/init.d/iptables status

No, that's not. It doesn't tell us much at all. iptables-save(8) output is far more useful.
--
mail to this address is discarded unless "/dev/rob0" or "not-spam" is in Subject: header
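
The contrast drawn in the reply above, as an added example that is not part of the original message: a small audit over iptables-save(8) text that flags ipchains-style high-port ranges and a missing stateful accept rule. Both rule sets are constructed samples; the TFTP service on UDP 69 behind eth1 and the name `audit_ruleset` are assumptions.

```shell
#!/bin/sh
# Constructed sample: ipchains-style rules that open every high port on eth1.
WEAK_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 1024:65535 -j ACCEPT
-A INPUT -i eth1 -p udp -m udp --dport 1024:65535 -j ACCEPT
-A INPUT -i eth1 -p udp -m udp --dport 69 -j ACCEPT
COMMIT'

# Constructed sample: stateful form. Only the service port accepts NEW
# traffic; follow-up packets are matched by connection tracking instead
# of a port range (for TFTP this assumes the conntrack tftp helper is loaded).
STATEFUL_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -p udp -m udp --dport 69 -m state --state NEW -j ACCEPT
COMMIT'

# audit_ruleset (hypothetical helper): reads iptables-save text on stdin
# and prints one finding per line; no output means nothing was flagged.
audit_ruleset() {
    awk '
    /^-A INPUT / && /-j ACCEPT/ {
        if ($0 ~ /--state [A-Z,]*ESTABLISHED/) stateful = 1
        # Flag a --dport range that starts at 1024 or above and is
        # accepted without any state match on the same rule.
        for (i = 1; i < NF; i++)
            if ($i == "--dport" && split($(i + 1), r, ":") == 2 &&
                r[1] + 0 >= 1024 && $0 !~ /--state/)
                print "HIGH_PORT_RANGE line " NR ": " $0
    }
    END {
        if (!stateful)
            print "NO_STATE_RULE: INPUT never accepts ESTABLISHED traffic"
    }'
}

printf '%s\n' "$WEAK_RULES" | audit_ruleset
printf '%s\n' "$STATEFUL_RULES" | audit_ruleset
```

On a live host the same function can read `iptables-save` output directly from a pipe.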