On Wed, Aug 18, 2010 at 4:18 PM, JD wrote:
> On 08/18/2010 01:06 PM, Tom H wrote:
>> On Tue, Aug 17, 2010 at 9:31 PM, Genes MailLists wrote:
>>> On 08/17/2010 02:08 AM, Tom H wrote:
IPTABLES="/sbin/iptables"
$IPTABLES --table filter --policy INPUT ACCEPT
$IPTABLES --table fil
JD wrote:
> On 08/18/2010 01:06 PM, Tom H wrote:
>> On Tue, Aug 17, 2010 at 9:31 PM, Genes MailLists wrote:
>>> On 08/17/2010 02:08 AM, Tom H wrote:
>>> #! /bin/sh
IPTABLES="/sbin/iptables"
$IPTABLES --table filter --policy INPUT ACCEPT
$IPTABLES --table filter --policy FORWARD
On 08/18/2010 01:06 PM, Tom H wrote:
> On Tue, Aug 17, 2010 at 9:31 PM, Genes MailLists wrote:
>> On 08/17/2010 02:08 AM, Tom H wrote:
>> #! /bin/sh
>>> IPTABLES="/sbin/iptables"
>>> $IPTABLES --table filter --policy INPUT ACCEPT
>>> $IPTABLES --table filter --policy FORWARD ACCEPT
>>> $IPTABL
> On 08/17/2010 08:40 PM, Genes MailLists wrote:
>> On 08/17/2010 11:36 PM, JD wrote:
>>
>>> Well, what does your iptables start out with?
>> iptables -P INPUT DROP
>> iptables -P OUTPUT DROP
>> iptables -P FORWARD DRO
> Sorry, my question was not clear.
> I meant cat the first few
On Tue, Aug 17, 2010 at 9:31 PM, Genes MailLists wrote:
> On 08/17/2010 02:08 AM, Tom H wrote:
> #! /bin/sh
>> IPTABLES="/sbin/iptables"
>> $IPTABLES --table filter --policy INPUT ACCEPT
>> $IPTABLES --table filter --policy FORWARD ACCEPT
>> $IPTABLES --table filter --policy OUTPUT ACCEPT
>
> N
Genes MailLists wrote:
> On 08/17/2010 02:08 AM, Tom H wrote:
> #! /bin/sh
>> IPTABLES="/sbin/iptables"
>> $IPTABLES --table filter --policy INPUT ACCEPT
>> $IPTABLES --table filter --policy FORWARD ACCEPT
>> $IPTABLES --table filter --policy OUTPUT ACCEPT
>
>
> Not saying I'm commenting on t
On 08/17/2010 08:40 PM, Genes MailLists wrote:
> On 08/17/2010 11:36 PM, JD wrote:
>
>> Well, what does your iptables start out with?
> iptables -P INPUT DROP
> iptables -P OUTPUT DROP
> iptables -P FORWARD DRO
Sorry, my question was not clear.
I meant cat the first few lines of y
On 08/17/2010 11:36 PM, JD wrote:
> Well, what does your iptables start out with?
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.o
On 08/17/2010 08:32 PM, Genes MailLists wrote:
> On 08/17/2010 11:23 PM, JD wrote:
>>>g
>> It's strange, but I assume that you start with a promiscuous
>> filter, and then you add rules to button it up.
>> I really do not know how these rules are consulted,
>> and which rule takes precedence
On 08/17/2010 11:23 PM, JD wrote:
>> g
> It's strange, but I assume that you start with a promiscuous
> filter, and then you add rules to button it up.
> I really do not know how these rules are consulted,
> and which rule takes precedence .
>
That is not standard practice no - it is the norm
On 08/17/2010 06:31 PM, Genes MailLists wrote:
> On 08/17/2010 02:08 AM, Tom H wrote:
> #! /bin/sh
>> IPTABLES="/sbin/iptables"
>> $IPTABLES --table filter --policy INPUT ACCEPT
>> $IPTABLES --table filter --policy FORWARD ACCEPT
>> $IPTABLES --table filter --policy OUTPUT ACCEPT
>
> Not sa
On 08/17/2010 02:08 AM, Tom H wrote:
#! /bin/sh
> IPTABLES="/sbin/iptables"
> $IPTABLES --table filter --policy INPUT ACCEPT
> $IPTABLES --table filter --policy FORWARD ACCEPT
> $IPTABLES --table filter --policy OUTPUT ACCEPT
Not saying I'm commenting on the wisdom of the rules one way or
ano
On 08/17/2010 08:20 AM, Gordon Messmer wrote:
> The file you'll want to modify is /etc/sysconfig/iptables. Others have
> already posted the appropriate rules. Make sure you have backups; if
> you ever run the system-config-security tool again, it'll overwrite
> your changes.
>
> You could go o
The file you'll want to modify is /etc/sysconfig/iptables. Others have
already posted the appropriate rules. Make sure you have backups; if
you ever run the system-config-security tool again, it'll overwrite
your changes.
You could go one level up that stack and modify
/etc/sysconfig/system
On Mon, 2010-08-16 at 18:14 -0700, JD wrote:
> I would like to set up my iptables firewall ...
[without using the default GUI tool]
You can try one of the other front ends for managing the firewall. I
think Firestarter is the name of one that's still current. There's
about two or three choices o
On Mon, Aug 16, 2010 at 9:14 PM, JD wrote:
> I would like to set up my iptables firewall so that when I issue
> the command
>
> $ sudo iptables -L -n
>
> I would like to see only the following:
>
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
> ACCEPT all
On Mon, Aug 16, 2010 at 18:14:03 -0700,
JD wrote:
> I would like to set up my iptables firewall so that when I issue
>
> How do I accomplish this?
>
> The GUI for setting up the firewall is too darned limited and it
> creates unexpected rules and filters I did not specify.
Set up the rules y
I would like to set up my iptables firewall so that when I issue
the command
$ sudo iptables -L -n
I would like to see only the following:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
RELATE
On Fri, 2010-02-12 at 13:44 +1300, Clint Dilks wrote:
> >
> > WTF?
> >
> > Craig
> >
> >
> >
> Hi, Are you also using /etc/hosts.allow and /etc/hosts.deny ?
nevermind... pebkac - ssh only available at the port I moved it to
(rather than making available on multiple ports). I wasn't actually
On Fri, 2010-02-12 at 13:44 +1300, Clint Dilks wrote:
> Craig White wrote:
> > Perhaps this is just a thing with Linode VPS but it is Fedora 11.
> >
> > I would think that given my iptables rules, this shouldn't happen
> >
> > # ssh r...@localhost
> > ssh: connect to host localhost port 22: Connect
Craig White wrote:
> Perhaps this is just a thing with Linode VPS but it is Fedora 11.
>
> I would think that given my iptables rules, this shouldn't happen
>
> # ssh r...@localhost
> ssh: connect to host localhost port 22: Connection refused
>
> Yes, port 22 is not allowed for eth0 but it should b
Perhaps this is just a thing with Linode VPS but it is Fedora 11.
I would think that given my iptables rules, this shouldn't happen
# ssh r...@localhost
ssh: connect to host localhost port 22: Connection refused
Yes, port 22 is not allowed for eth0 but it should be on 'localhost'
# cat /etc/hos
22 matches