On Tue, 2003-02-25 at 03:19, Leonard Miller wrote:
> How do I allow incoming http port 80 from only one machine and
> deny all others? Is it easy to turn off when testing is finished?

To make it more permanent, put in /etc/sysconfig/iptables something like
this (note the default policy is drop, and packets are logged so you can
see who's being bounced).

To start it (if you're not already using iptables)

    service iptables start

when you're done, run

    service iptables stop

and to make it permanent use

    redhat-config-services

# /etc/sysconfig/iptables
*filter
:FORWARD ACCEPT [0:0]
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -s <ip_address> -j ACCEPT
-A INPUT -j LOG --log-prefix "Input DROP: "
COMMIT
*mangle
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
*nat
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed

HTH,
-- 
Iain Buchanan <iain@nospam.pcorp.com.au>

In this world, truth can wait; she's used to it.
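Added example, not part of the message above: a shell check that reads a file in the /etc/sysconfig/iptables layout and confirms that the filter table's INPUT policy is DROP and that every rule accepting tcp port 80 is pinned to a source address. The function names and the 192.0.2.10 address (a documentation range) are constructed for illustration.

```shell
#!/bin/sh
# Added example. Audits an iptables-save style file (path as argument, or stdin).
# Exit 0 only if the filter INPUT policy is DROP and every rule that ACCEPTs
# tcp port 80 carries a source match.
audit_http_rules() {
    awk '
        /^\*/ { table = substr($0, 2); next }      # "*filter", "*mangle", ...
        table != "filter" { next }                 # skip policies of other tables
        /^:INPUT / { policy = $2; next }
        /^-A INPUT / {
            src = ""; dport = ""; target = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-s" || $i == "--source") src = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (target == "ACCEPT" && dport == "80") {
                seen++
                if (src == "" || src == "0.0.0.0/0") { unpinned++; print "OPEN   " $0 }
                else print "PINNED " src
            }
        }
        END {
            print "POLICY " policy
            exit !(policy == "DROP" && seen > 0 && unpinned == 0)
        }
    ' "$@"
}

# Constructed sample in the layout of the message; $1 is the source match ("" = none).
sample_rules() {
    cat <<EOF
*filter
:FORWARD ACCEPT [0:0]
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 $1 -j ACCEPT
-A INPUT -j LOG --log-prefix "Input DROP: "
COMMIT
*mangle
:INPUT ACCEPT [0:0]
COMMIT
EOF
}

sample_rules "-s 192.0.2.10" | audit_http_rules && echo "port 80 is limited to one source"
```

Run it against the real file with `audit_http_rules /etc/sysconfig/iptables`; an `OPEN` line marks a port-80 ACCEPT rule with no source restriction.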