Peter,

Thank you for the hint (/32)

I've added my DNS & GW, and I can connect from anywhere within the allowed range, I also can get out to the Net, but...
This setup prevents any returning packet from the Net to get in...
I presume this is related to the connection state, but I don't have a clue about how to set this up properly.

My script is the following :

# Start from a clean situation
iptables -F
# Authorised range
iptables -A INPUT -s 127.0.0.1/32 -j ACCEPT
iptables -A INPUT -s 111.222.333.211/32 -j ACCEPT
iptables -A INPUT -s 111.222.333.212/32 -j ACCEPT
iptables -A INPUT -s 111.222.333.213/32 -j ACCEPT
iptables -A INPUT -s 111.222.333.214/32 -j ACCEPT
iptables -A INPUT -s 111.222.333.215/32 -j ACCEPT
iptables -A INPUT -s 111.222.333.216/32 -j ACCEPT
iptables -A INPUT -s 111.222.333.217/32 -j ACCEPT
iptables -A INPUT -s 111.222.333.218/32 -j ACCEPT
iptables -A INPUT -s 111.222.333.219/32 -j ACCEPT
# DNS1-DNS2
iptables -A INPUT -s 111.222.333.131/32 -j ACCEPT
iptables -A INPUT -s 111.222.333.141/32 -j ACCEPT
# Gateway
iptables -A INPUT -s 111.222.333.254/32 -j ACCEPT
# Drop all the rest
iptables -A INPUT -s ! 111.222.333.219/32 -j DROP
iptables -L
#

On Fri, September 15, 2006 2:30 pm, Chiu, PCM (Peter) said:
> I would suggest
>
> iptables -F
> iptables -A INPUT -s x.y.z.211/32 -j ACCEPT
> iptables -A INPUT -s x.y.z.212/32 -j ACCEPT
> ....
> iptables -A INPUT -s ! x.y.z.219/32 -j DROP
>
> You may also need to include your own default router and dns server to
> the accept list,
> otherwise you won't get out.
>
> Peter
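
Added example, not part of the original thread: the rule set above accepts packets by source address only, so replies from Internet hosts fall through to the final DROP. The script below prints an allow-list with a connection-state rule ahead of it and checks every address before emitting anything. The 192.0.2.x addresses are constructed placeholders, and gen_rules and valid_ipv4 are names chosen for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Addresses are constructed placeholders
# from 192.0.2.0/24; gen_rules and valid_ipv4 are names chosen for this example.
ALLOWED_HOSTS="${ALLOWED_HOSTS:-192.0.2.211 192.0.2.212 192.0.2.213}"

# valid_ipv4 ADDR: succeed only for a dotted quad with each octet in 0..255.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# gen_rules: validate every address first, then print the rule set.
# Nothing is applied here, so a bad entry cannot leave a half-built chain
# behind an "iptables -F".
gen_rules() {
    for host in $ALLOWED_HOSTS; do
        valid_ipv4 "$host" || { echo "bad address: $host" >&2; return 1; }
    done
    echo "iptables -F INPUT"
    # Loopback is matched by interface rather than by source address.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    # Replies to connections this host opened (DNS answers, web responses)
    # and related ICMP errors. Newer systems spell the same match
    # "-m conntrack --ctstate". With this rule, replies need no per-server
    # entry; routed packets keep their original source address.
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # New inbound connections are accepted only from the authorised hosts.
    for host in $ALLOWED_HOSTS; do
        echo "iptables -A INPUT -s $host/32 -j ACCEPT"
    done
    # Unsolicited traffic from any other source.
    echo "iptables -A INPUT -j DROP"
}

# Print the rules when asked; review them, then pipe the output to sh as root.
if [ "${1:-}" = "--print" ]; then
    gen_rules
fi
```

Rule order matters here: the state rule sits before the allow-list and the unconditional DROP comes last, because iptables stops at the first matching rule.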