Opening firewall ports on the command line with Fedora's firewall
Matej Cepl
mcepl at redhat.com
Thu May 17 09:05:27 UTC 2007
On 2007-05-17, 00:34 GMT, Scott Berry wrote:
> I need to open port I believe it is 6667 on the firewall for my
> Fedora server. How would this be done?
system-config-securitylevel-tui works through ssh (or at least it
should work). However, just because I would love to get
feedback from wiser people, I will post here my script for
iptables -- I found managing a script much better than fiddling
with a GUI (nothing against that -- it may be better for really
simple operations, but when you run an IRC server or something,
a little bash script is just better, IMHO, and YMMV):
#!/bin/sh
# Flush the current rule set (and reset the chain policies to
# ACCEPT) before rebuilding it from scratch.
service iptables stop
# Default for incoming traffic: drop anything not explicitly
# accepted below. Until the ESTABLISHED,RELATED rule further down
# is in place, an ssh session running this script has its packets
# dropped for a moment; TCP retransmission recovers from that.
iptables -P INPUT DROP
for CHAIN in OUTPUT FORWARD ; do
    iptables -P $CHAIN ACCEPT
done
# loopback is always allowed
iptables -A INPUT -i lo -j ACCEPT
# forward traffic coming from the local network (see the
# MASQUERADE rule at the end)
iptables -A FORWARD -s 10.0.0.0/24 -j ACCEPT
for CHAIN in INPUT OUTPUT FORWARD ; do
    # replies belonging to connections we already know about
    iptables -A $CHAIN -m state --state ESTABLISHED,RELATED \
        -j ACCEPT
    # packets that belong to no known connection: log, then drop
    iptables -A $CHAIN -m state --state INVALID \
        -j LOG --log-prefix "iptables INVALID: "
    iptables -A $CHAIN -m state --state INVALID -j DROP
done
# Most of the work is done above -- so only NEW packets are
# of interest to us.
# open to the world -- only ssh, and even that is remapped to
# a different port on the firewall
iptables -A INPUT -p tcp --dport ssh -j ACCEPT
## these are opened for the local network only
# HTTP
iptables -A INPUT -p tcp -s 10.0.0.0/24 --dport http -j ACCEPT
# DNS
iptables -A INPUT -p tcp -s 10.0.0.0/24 --dport 53 -j ACCEPT
iptables -A INPUT -p udp -s 10.0.0.0/24 --dport 53 -j ACCEPT
# ANY OTHER OPEN PORTS GO HERE....
# masquerading (for Xen guests)
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
# I prefer REJECT to DROP, but REJECT cannot be used as
# a default policy, so it goes in as the last INPUT rule
iptables -A INPUT -j REJECT
# write the running rule set to /etc/sysconfig/iptables so it
# survives a reboot
service iptables save
I think you can find some inspiration here.
Matej
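As an added example (not part of Matej's post or of Fedora's own tooling), here is a small POSIX sh helper in the same "open only what is listed" spirit as the script above. It turns a list of proto:port[:source] entries into iptables INPUT rules, validating the port number and protocol before anything is installed, so a typo does not leave the firewall half-configured. The helper names (valid_port, open_port, apply_ports), the IPT=echo dry-run convention and the explicit `-m state --state NEW` match are my own assumptions; port 6667 is the IRC port the original question asks about.

```shell
#!/bin/sh
# Added example, not code from the original post. Set IPT=echo to
# print the rules instead of installing them (the default is the
# real iptables binary, which needs root).
IPT="${IPT:-iptables}"

# valid_port NUM -> 0 if NUM is a decimal integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# open_port PROTO PORT [SOURCE]
# Appends one INPUT rule accepting NEW connections to PORT over PROTO.
# SOURCE, when given, restricts the rule to a CIDR block, like the
# 10.0.0.0/24-only HTTP and DNS rules in the script above.
open_port() {
    proto="$1"; port="$2"; src="$3"
    case "$proto" in
        tcp|udp) ;;
        *) echo "open_port: bad proto '$proto'" >&2; return 1 ;;
    esac
    valid_port "$port" || { echo "open_port: bad port '$port'" >&2; return 1; }
    if [ -n "$src" ]; then
        "$IPT" -A INPUT -p "$proto" -s "$src" --dport "$port" \
            -m state --state NEW -j ACCEPT
    else
        "$IPT" -A INPUT -p "$proto" --dport "$port" \
            -m state --state NEW -j ACCEPT
    fi
}

# apply_ports "tcp:6667 tcp:80:10.0.0.0/24 udp:53:10.0.0.0/24"
# Splits every entry on ':' and calls open_port for it; stops at the
# first bad entry and returns non-zero so the caller can abort.
apply_ports() {
    for spec in $1; do
        proto=${spec%%:*}
        rest=${spec#*:}
        port=${rest%%:*}
        src=""
        case "$rest" in
            *:*) src=${rest#*:} ;;
        esac
        open_port "$proto" "$port" "$src" || return 1
    done
}
```

Usage: source the file and run, for instance, `IPT=echo apply_ports "tcp:6667 tcp:80:10.0.0.0/24"` to see the rules that would be appended; drop the IPT=echo and run as root to install them. The rules belong after the ESTABLISHED,RELATED and INVALID handling and before the final REJECT, i.e. at the "ANY OTHER OPEN PORTS GO HERE" spot in the script above.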