All about iptables
22 posts
• Page 2 of 2 • 1, 2
by Void Main » Tue Feb 04, 2003 12:52 am
Well I do Xterminal server into my desktop in the kitchen but that is not why I don't have to go downstairs and get on the console of the servers. The reason I don't have to go to the console is because I just ssh into the servers and do everything from the command line. I don't even have X installed on them so I wouldn't get any more benefit from being at the console than I have with ssh.
-
Void Main - Site Admin
- Posts: 5705
- Joined: Wed Jan 08, 2003 5:24 am
- Location: Tuxville, USA
by bazoukas » Tue Feb 04, 2003 10:29 pm
Void before I do anything and mess up my system I just need to make sure about the syntax with iptables.
Say just for example I want to deny connection to port 6000,
I would need to type this (no?)
There is no need to put the actual name of the service right?
At least thats what am reading in the Official Document from RH.[/code]
Say just for example I want to deny connection to port 6000,
I would need to type this (no?)
- Code: Select all
iptables -A INPUT -p tcp --sport 6000 -j REJECT
There is no need to put the actual name of the service right?
At least thats what am reading in the Official Document from RH.[/code]
- bazoukas
- programmer
- Posts: 191
- Joined: Tue Jan 14, 2003 1:38 pm
- Location: NYC
by Void Main » Tue Feb 04, 2003 10:44 pm
Actually you would want "--dport" rather than "--sport". But I don't understand, 6000 should already be blocked to everything except your local internal network if you added the rules from last night. You can use REJECT or DROP as the action (REJECT sends and error message back, DROP doesn't, both will deny access). Also you did not specify an interface which means you would block incoming port 6000 on all interfaces.
-
Void Main - Site Admin
- Posts: 5705
- Joined: Wed Jan 08, 2003 5:24 am
- Location: Tuxville, USA
by bazoukas » Tue Feb 04, 2003 11:01 pm
I brought 6000 just for an example. Right now I am reinstalling RedHat8 in my laptop (was trying debian on it during the weekend) and I will do everything in my laptop from scratch so i wont mess up anything in this computer.
Oh I see now. I need to specify if its going to be in eth0 or eth1 and so on, otherwise its like apllying it to all interfaces.
Install just finished in laptop. I will give it a try now.
Oh I see now. I need to specify if its going to be in eth0 or eth1 and so on, otherwise its like apllying it to all interfaces.
Install just finished in laptop. I will give it a try now.
- bazoukas
- programmer
- Posts: 191
- Joined: Tue Jan 14, 2003 1:38 pm
- Location: NYC
by bazoukas » Tue Feb 04, 2003 11:31 pm
Whoooozaaa!!!!!!
I did it using the shell saved it and then did -L and it was right there and then I restarted it.
All was [OK] .
Man this is fun as hell. You can write ANY rules you want!!
I did it using the shell saved it and then did -L and it was right there and then I restarted it.
All was [OK] .
Man this is fun as hell. You can write ANY rules you want!!
- bazoukas
- programmer
- Posts: 191
- Joined: Tue Jan 14, 2003 1:38 pm
- Location: NYC
by bazoukas » Tue Feb 04, 2003 11:55 pm
Allright mano,,,,am going to ze bed. In two days I slept for 4 hours. Last night i stoped for a min with Linux turned my chair towards the TV set and I just slept like a dog on the chair till almost 6 in the morning.
Void thanks ALOT man. This is like attending another course during nights.
Thanks a million. If you werent married I would send you some naked greek girls your way
Void thanks ALOT man. This is like attending another course during nights.
Thanks a million. If you werent married I would send you some naked greek girls your way
- bazoukas
- programmer
- Posts: 191
- Joined: Tue Jan 14, 2003 1:38 pm
- Location: NYC
22 posts
• Page 2 of 2 • 1, 2
Who is online
Users browsing this forum: No registered users and 1 guest