Modifying Iptables
Bill Davidsen
davidsen at tmr.com
Sun Oct 25 02:41:19 UTC 2009
Jim wrote:
> FC11-X86_64/Kde
>
> Trying to set up VNC in Fedora 11 but if I put the following line in
> /etc/syconfig/iptables ;
>
> # 5901 corresponds to :1, 5902 for :2 and so on.
> -A INPUT -m state --state NEW -m tcp -p tcp --dport 5901:5902 -j ACCEPT
>
> Then do # service iptables restart , it fails.
>
> What is happening ??
>
Try "-I" rather than "-A" to see if earlier rules are the issue.
To avoid rule overhead I put the 'accept ESTABLISHED,RELATED' tcp rule first,
since that's 99% of the traffic.
You didn't ask: you can also tunnel it through ssh and not have the port open
(loopback accepts all).
--
Bill Davidsen <davidsen at tmr.com>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot
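
The rule-ordering point in the reply above, as an added example that is not part of the original message: a first-match walk over an `/etc/sysconfig/iptables`-style file, comparing `-A` with `-I` for the VNC rule. The ruleset is constructed and assumes a catch-all REJECT ahead of the appended line (Jim's file is not shown on the page); the function names are hypothetical.

```python
# Constructed sample ruleset (not Jim's file); {vnc} becomes -A or -I below.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
{vnc} INPUT -m state --state NEW -m tcp -p tcp --dport 5901:5902 -j ACCEPT
COMMIT
"""
APPENDED = SAMPLE.format(vnc="-A")
INSERTED = SAMPLE.format(vnc="-I")

def build_chain(text, chain="INPUT"):
    """Return the chain's rules in evaluation order, honouring -A and -I [pos]."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 2 or tok[0] not in ("-A", "-I") or tok[1] != chain:
            continue
        if tok[0] == "-A":
            rules.append(tok[2:])
        elif len(tok) > 2 and tok[2].isdigit():   # -I INPUT 3 ...
            rules.insert(int(tok[2]) - 1, tok[3:])
        else:                                      # -I INPUT ... means position 1
            rules.insert(0, tok[2:])
    return rules

def matches(rule, port, iface, state):
    """True if a TCP packet satisfies every match in the rule ('!' negation unsupported)."""
    opts = {rule[i]: rule[i + 1] for i in range(len(rule) - 1) if rule[i].startswith("-")}
    if opts.get("-p", "tcp") != "tcp" or opts.get("-i", iface) != iface:
        return False
    if state not in opts.get("--state", state).split(","):
        return False
    lo, _, hi = opts.get("--dport", str(port)).partition(":")
    return int(lo) <= port <= int(hi or lo)

def first_verdict(text, port, iface="eth0", state="NEW"):
    """Return (position, target) of the first matching rule with a target, else None."""
    for pos, rule in enumerate(build_chain(text), 1):
        if "-j" in rule and matches(rule, port, iface, state):
            return pos, rule[rule.index("-j") + 1]
    return None
```

With the appended rule, a new connection to 5901 on `eth0` stops at the REJECT in position 4, while the same packet arriving on `lo` (the ssh-tunnel case) is accepted at position 2 without any VNC rule being consulted.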