On Sat, 2005-01-29 at 20:32 -0500, Robert L Cochran wrote:
> On Fedora Core 3, I want to enable the firewall, permitting inbound TCP connections from anywhere on port 80. I also want to allow inbound connections on port 3306 but only from hosts 192.168.1.1 and 192.168.1.2.
> It looks like I can't do this from the Applications --> System Settings --> Security Level GUI. I can allow ports 80 and 3306, but it doesn't look like I can limit the port 3306 connections to just 2 specific hosts. I would have to craft an IPTABLES script. Am I right here, and if so, what would be the right way to add specific IPTABLES rules without interfering with the Security Level applet?
----
yeah - it's a very basic tool
If you want to start messing with iptables...it's not hard - I've always used David Ranch's trinity os think stuff
http://www.ecst.csuchico.edu/~dranch/LINUX/ipmasq/c-html/stronger-firewall-examples.html#RC.FIREWALL-2.4.X-STRONGER
but basically, you can simply add rules to that which you created with the system-config-securitylevel and then issue the command 'service iptables save' but that is mindless...if you ever run the system-config-securitylevel again, you will wipe out any custom stuff you added.
I think this is how you would do one of the lines...
    /sbin/iptables -A INPUT -i eth0 -s 192.168.1.1/32 -p tcp --dport 3306 -j ACCEPT
Craig
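
Added example, not part of the original thread: a shell sketch that writes the policy from the question (port 80 from anywhere, port 3306 from 192.168.1.1 and 192.168.1.2 only) as iptables-restore text and checks it offline with a small first-match evaluator. The default-drop INPUT policy, the loopback and state rules, the interface eth0 and the function names gen_rules and verdict are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed: default-drop INPUT policy,
# interface eth0, hypothetical helper names gen_rules and verdict.
MYSQL_CLIENTS="192.168.1.1 192.168.1.2"   # the two hosts named in the question

# Emit the rule set in iptables-restore format.
gen_rules() {
    echo "*filter"
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "-A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT"
    for h in $MYSQL_CLIENTS; do
        echo "-A INPUT -i eth0 -s $h/32 -p tcp --dport 3306 -j ACCEPT"
    done
    echo "COMMIT"
}

# verdict SRC DPORT: read rules on stdin and print the target that a NEW
# TCP connection arriving on eth0 would hit (first match wins).
# Limitation: only the INPUT chain is walked; a jump to a user chain is
# printed as the verdict rather than followed.
verdict() {
    awk -v src="$1" -v dport="$2" '
        /^:INPUT / { policy = $2 }
        /^-A INPUT / {
            s = ""; d = ""; t = ""; iface = ""; state = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-s") s = $(i+1)
                if ($i == "--dport") d = $(i+1)
                if ($i == "-j") t = $(i+1)
                if ($i == "-i") iface = $(i+1)
                if ($i == "--state") state = 1
            }
            if (state) next                          # new connection, not ESTABLISHED
            if (iface != "" && iface != "eth0") next
            if (s != "" && s != (src "/32")) next
            if (d != "" && d != dport) next
            print t; found = 1; exit
        }
        END { if (!found) print policy }'
}

# Print the rule set when called with --print.
if [ "${1:-}" = "--print" ]; then gen_rules; fi
```

For instance, `gen_rules | verdict 192.168.1.3 3306` prints DROP, while the same check for 192.168.1.1 prints ACCEPT.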