Re: iptables rules

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



try allowing the port and put a block all traffic.

iptables -A INPUT -p tcp -d k.l.m.n --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -d w.x.y.z --dport 80 -j ACCEPT
iptables -A INPUT -j DROP


 
hth,
Sir June






----- Original Message ----
From: "m.roth@xxxxxxxxx" <m.roth@xxxxxxxxx>
To: CentOS <centos@xxxxxxxxxx>; redhat <redhat-list@xxxxxxxxxx>
Sent: Mon, March 29, 2010 3:48:01 PM
Subject: iptables rules

I've got a server with several ip's on eth0. I want to block all traffic
*except* to port 80 on them, but not on any other IPs, so that
eth0 is www.xxx.yyy.zzz
eth0:1 is www.xxx.yyy.ggg
eth0:2 is www.xxx.yyy.hhh

I've tried
-A RH-Firewall-1-INPUT -p tcp -d www.xxx.yyy.ggg --dport ! 80 -j DROP
-A RH-Firewall-1-INPUT -p tcp -d www.xxx.yyy.hhh --dport ! 80 -j DROP

and restarted (and several variants of this). iptables-save displays

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [769:48207]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -d  www.xxx.yyy.ggg -p tcp -m tcp ! --dport 80 -j DROP
-A RH-Firewall-1-INPUT -d www.xxx.yyy.hhh -p tcp -m tcp ! --dport 80 -j DROP
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
<...>
and I notice it puts the ! in front of the --dport, but has no complaints.

However, I can telnet to www.xxx.yyy.hhh 443. What's wrong with the rules?

         mark

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list



      

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

[Index of Archives]     [CentOS]     [Kernel Development]     [PAM]     [Fedora Users]     [Red Hat Development]     [Big List of Linux Books]     [Linux Admin]     [Gimp]     [Asterisk PBX]     [Yosemite News]     [Red Hat Crash Utility]


  Powered by Linux