Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Linux Firewall Config 1

Status
Not open for further replies.
Dimonet

Dimonet

IS-IT--Management
Oct 17, 2001
65
US
I have built a Fedora Core 2 box and I am running the firewall currently. I only have SSH/VNC/FTP allowed and I am not trusting my Interface card. So basically other than those three ports the system is totally locked down.

I would like to know if there is a way to tell th box that I trust all traffic from a particular subnet. Or alternatively if I can tell it that I trust all traffic from a particular host. I have done some reading and haven't found anything where I can say "Trust this IP" or "Trust this subnet".

If anyone could tell me how and in what file I could accomplish this I would appreciate it.

Thanks,
Dimo
 
Sort by date Sort by votes
It's a simple matter of sending packets from your machine or subnet to the ACCEPT target.

For a single machine (assuming the single machine has an IP address of 10.10.10.10 and that your Linux machine's interface is eth0:

iptables -A INPUT -i eth0 -s 10.10.10.10 -j ACCEPT

For a subnet (assuming that you want to allow all machines from the 10.10.10.0 subnet 255.255.255.0 network in):

iptables -A INPUT -i eth0 -s 10.10.10.0/24 -j ACCEPT

or

iptables -A INPUT -i eth0 -s 10.10.10.0/255.255.255.0 -j ACCEPT



Want the best answers? Ask the best questions!

TANSTAAFL!!
 
Upvote 0 Downvote
Thanks so much for the tip. I only have one more question. When you perform this command what file is it writing to. Are there multiple files the firewall reads or just one?

Thanks,
Dimo
 
Upvote 0 Downvote
The examples I've given are run from the command-line.

What I generally do is create a bash script containing the iptables commands to configure the firewall, then have the init system run the script at boot.




Want the best answers? Ask the best questions!

TANSTAAFL!!
 
Upvote 0 Downvote

Dude, check out fwbuilder on source forge. It rocks for generating complex firewall configs.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

kristiandg
  • Locked
  • Question
Linux, "port mirror" between two boxes...
Replies
0
Views
123
kristiandg
kristiandg
Phi_1.618
  • Locked
  • Question
Linux server
Replies
2
Views
167
SamBones
SamBones
bhuv560
  • Locked
  • Question
Postfix Installation on EC2 AWS Linux
Replies
0
Views
85
bhuv560
bhuv560
SamBones
  • Locked
  • Question
Linux 7 Installation Failures 1
Replies
3
Views
119
SamBones
SamBones
Edwin Reyes
  • Locked
  • Question
High CPU utilization Linux Server due to mysql
Replies
1
Views
123
spamjim
spamjim

Part and Inventory Search

Sponsor

Back
Top