On Mon, 2005-01-31 at 19:56 -0500, Robert L Cochran wrote:
Thank you. How do I implement iptables rules without interfering with what the Security Level applet sets?
Bob
Very simply, open up a terminal, su over to root. Add the iptables rules that you want.
When you are finished, service iptables save will make them permanent.
MC
Thank you. I am assuming that the Security Level applet adds its own iptables rules. Is this correct? So it would drop all inbound connections on all ports to start with, and allow in only the connections I permit through the applet.
If I'm right about the above, then I can just do what you say: just add the new iptables rules I'm interested in, enter 'service iptables save', and they become permanent. Am I still right?
Now suppose I screwed up and made a mistake. Can I change the rules I messed up?
Thanks
Bob
Essentially yes, system-config-securitylevel works the same way. For example, if you were to add for Other ports: 445:tcp in the applet, it would add this to the chain:
ACCEPT tcp -- anywhere anywhere tcp dpt:microsoft-ds
The same effect can be achieved by:
iptables -A INPUT -p TCP --dport 445 -d 192.168.1.1 -j ACCEPT
and then service iptables save
All of the available options are in man iptables; there are also some very helpful pages on the web.
Disclaimer: I have not worked with iptables in a long time; feel free to correct my syntax.
MC