I would like to have a slightly clearer idea of what exactly you need to do. That is, do you need to allow only 80 and 20 ports from the specified IP? In that case you can have

    iptables -P FORWARD DROP
    iptables -A FORWARD -p tcp -s 10.2.2.115 -m multiport --dports 80,22 -j ACCEPT

The above rule will allow only 80 and 22 requests from that IP.

Is this clear, or am I not answering what you are asking?

Regards,
Anisha Chandrasekaran

-----Original Message-----
From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx [mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of plugthebox.net /dev/null
Sent: Wednesday, November 01, 2006 6:19 PM
To: netfilter
Subject: INPUT and PORTS

Hello,

I want to do the following: accept incoming traffic from 10.2.2.115 only, restricting it to ports 80,22. Is this correct?

    -P rules ...
    -F rules ...
    /sbin/iptables -A FORWARD -d 10.2.2.115 -j ACCEPT
    /sbin/iptables -A FORWARD -s 10.2.2.115 -j ACCEPT
    /sbin/iptables -A INPUT -s 10.2.2.115 -j ACCEPT
    /sbin/iptables -A FORWARD -m multiport -p tcp --ports 80,22 -j ACCEPT
    /sbin/iptables -A INPUT -m multiport -p tcp --ports 80,22 -j ACCEPT

Even though I saw this setup in many tutorials/howtos, whenever I want to block 10.2.2.115 (by not listing him in the INPUT -j ACCEPT), that IP can still connect to port 80 and 22.

Thanks

Sincerely,
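
Added example, not part of either message: a small Python model of first-match rule evaluation, run over the rules quoted in the thread, that shows why 10.2.2.115 still reaches ports 80 and 22 once its source rule is removed and how the rule from the reply behaves. The DROP policy, the helper `tcp`, and the addresses 10.2.2.1 and 192.0.2.7 are assumptions; only the match options that appear in the thread are modelled.

```python
import ipaddress
import shlex

# Rules as posted in the thread; the poster's policy is elided, DROP is assumed.
POSTED = """
-A FORWARD -d 10.2.2.115 -j ACCEPT
-A FORWARD -s 10.2.2.115 -j ACCEPT
-A INPUT -s 10.2.2.115 -j ACCEPT
-A FORWARD -m multiport -p tcp --ports 80,22 -j ACCEPT
-A INPUT -m multiport -p tcp --ports 80,22 -j ACCEPT
"""
# The poster's attempt to block the host: drop only its INPUT source rule.
BLOCK_ATTEMPT = POSTED.replace("-A INPUT -s 10.2.2.115 -j ACCEPT\n", "")
# The rule suggested in the reply, used with policy DROP.
REPLY = "-A FORWARD -p tcp -s 10.2.2.115 -m multiport --dports 80,22 -j ACCEPT"

def parse(ruleset):
    """Each option here takes exactly one value, so pair flags with values."""
    return [dict(zip(t[0::2], t[1::2])) for t in map(shlex.split, ruleset.strip().splitlines())]

def matches(rule, pkt):
    ports = lambda flag: {int(p) for p in rule[flag].split(",")}
    for flag, field in (("-s", "src"), ("-d", "dst")):
        if flag in rule and ipaddress.ip_address(pkt[field]) not in ipaddress.ip_network(rule[flag]):
            return False
    if "-p" in rule and rule["-p"] != pkt["proto"]:
        return False
    if "--dports" in rule and pkt["dport"] not in ports("--dports"):
        return False
    # multiport --ports matches when EITHER the source or destination port is listed
    if "--ports" in rule and not {pkt["sport"], pkt["dport"]} & ports("--ports"):
        return False
    return True

def verdict(ruleset, chain, pkt, policy="DROP"):
    """First matching rule in the chain decides; otherwise the policy applies."""
    for rule in parse(ruleset):
        if rule["-A"] == chain and matches(rule, pkt):
            return rule["-j"]
    return policy

def tcp(src, dport, sport=40000, dst="10.2.2.1"):
    """Constructed sample packet; dst and sport defaults are made-up values."""
    return {"src": src, "dst": dst, "proto": "tcp", "sport": sport, "dport": dport}

if __name__ == "__main__":
    print(verdict(BLOCK_ATTEMPT, "INPUT", tcp("10.2.2.115", 80)))    # ACCEPT: rule has no -s
    print(verdict(POSTED, "INPUT", tcp("10.2.2.115", 3306)))         # ACCEPT: source rule, any port
    print(verdict(REPLY, "FORWARD", tcp("192.0.2.7", 80)))           # DROP: wrong source
```

In the posted set the source rule and the port rule are separate ACCEPTs, so each one widens access on its own; the reply's rule puts `-s` and `--dports` in one rule so both conditions must hold.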