On February 12, 2004 08:49 am, Baltasar Caramés wrote:
> hi, i need to block port 8080 and allow only the localhost ip, i'm new
> at linux and i have no idea how to do this, do i have to download ipfilter
> or there's already a way to do that in the system.
>
> My linux is red hat 7.3 and i'm working via telnet so i don't have any
> visual environment, if anybody can help me i would really appreciate it,
> thx, byee

Hi Baltasar,

First, you should use plain text (not html) for your posts, presuming hotmail lets you do that(?).

I believe RH 7.3 comes with both IPchains and IPtables. You want to use IPtables (netfilter).

However, it is probably simpler to set apache to bind only to 127.0.0.1:8080. Look for something like:

    Listen 8080

and change it to:

    Listen 127.0.0.1:8080

Of course, adding IPtables filtering will enhance that, plus allow you to offer port 80 to the world if you want. You may want to get a fresh copy as the one that shipped with RH7.3 would be dated. I would grab a new iptables from netfilter. (removing the old rpm first may keep things simple or you may end up with multiple binaries etc)

IPtables can be set up in many ways. I put a sample of a _very_ simple firewall to run on a single system (1 nic only, not a 2 or 3 way firewall) at
http://nesbitt.yi.org/downloads/iptables.txt

It will allow web requests on port 80, and that's about it. I have left out lots of paranoid checks, logs, etc. but it should get you going.
It replaces (save a backup, it was created as [untested] cut 'n paste) "/etc/init.d/rc.d/iptables" (and may need editing for path to iptables etc)

Once that is in place, see what is running:

    service ipchains status    (or /etc/init.d/rc.d/ipchains status)
    service iptables status    (or /etc/init.d/rc.d/iptables status)

You may need to stop IPchains, and then start iptables.

    service ipchains stop      (or /etc/init.d/rc.d/ipchains stop)
    service iptables start     (or /etc/init.d/rc.d/iptables start)

or, if no chains are running, just restart iptables:

    service iptables restart   (or /etc/init.d/rc.d/iptables restart)

To make that permanent:

    chkconfig ipchains off
    chkconfig iptables on

Hope that makes some sense.

--
Pete Nesbitt, rhce
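Added example, not part of the original message or of the sample firewall linked in it: a shell check that the Listen change described above is really in place, plus the two iptables rules that restrict the port to loopback. The function names and the sample config are constructed for illustration; the rules are printed, not applied, so the script runs without root.

```shell
#!/bin/sh
# exposed_listens FILE PORT
# Print each Apache "Listen" directive in FILE that opens PORT on a
# non-loopback address. Exit status 0 if any were found, 1 if none.
exposed_listens() {
    awk -v port="$2" '
        /^[ \t]*#/ { next }                      # ignore commented-out lines
        tolower($1) == "listen" {
            addr = $2
            n = split(addr, parts, ":")
            p = parts[n]                         # port is the last ":" field
            host = (n > 1) ? substr(addr, 1, length(addr) - length(p) - 1) : ""
            if (p != port) next
            # 127.x.x.x and [::1] are loopback; a bare port means all addresses
            if (host ~ /^127\./ || host == "[::1]") next
            print FILENAME ":" FNR ": " $0
            found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# rules_for_port PORT
# Print iptables rules that accept PORT on the loopback interface and drop
# it everywhere else. Order matters: the ACCEPT must come before the DROP,
# and both must precede any broader ACCEPT rule already in the INPUT chain.
rules_for_port() {
    echo "iptables -A INPUT -i lo -p tcp --dport $1 -j ACCEPT"
    echo "iptables -A INPUT -p tcp --dport $1 -j DROP"
}

# Constructed sample config: one exposed directive, one loopback-only.
conf=$(mktemp)
printf '%s\n' 'Listen 8080' 'Listen 127.0.0.1:8080' 'Listen 80' > "$conf"

if exposed_listens "$conf" 8080; then
    echo "port 8080 is still bound beyond loopback; filter it with:"
    rules_for_port 8080
else
    echo "port 8080 is bound to loopback only"
fi
rm -f "$conf"
```

Point the first function at the real httpd.conf after editing it; an empty result with exit status 1 means only loopback binds remain for that port.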