iptables - opening a single interface - Help!

Author: Bryan O'Neal
Date:  
To: Main PLUG discussion list
Subject: iptables - opening a single interface - Help!
I would like to open up a few ports, but only when they come in on a
particular adaptor/subnet. How do I go about this?


My iptables rules are auto-configured by system-config-securitylevel, so I
have not edited the iptables file directly, but I have tried things like
"iptables -A -i tun0 -s 10.8.0.0/24 -j ACCEPT" and "iptables -A
RH-Firewall-1-INPUT -i tun0 -j ACCEPT", but nothing happens.

[root@myserver ~]# ifconfig
...
tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:965 errors:0 dropped:0 overruns:0 frame:0
          TX packets:987 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:90379 (88.2 KiB)  TX bytes:179210 (175.0 KiB)


[root@myserver ~]# iptables -A -i tun0 -s 10.8.0.0/24 -j ACCEPT
Bad argument `tun0'

However
[root@myserver ~]# iptables -A RH-Firewall-1-INPUT -i tun0 -j ACCEPT
works in the sense that it does not give an error, but it also does not
seem to do anything.

# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
...
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
...
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

Any help you could provide would be greatly appreciated.


---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
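The two symptoms in the post have separate causes that the visible output already shows. The first command fails with "Bad argument `tun0'" because `-A` expects a chain name before any match options. The second command is accepted but never matches because `-A` appends to the end of RH-Firewall-1-INPUT, which puts the new ACCEPT after the chain's unconditional `-j REJECT`; the kernel stops at the REJECT and never evaluates anything behind it. The rule has to be inserted (`-I CHAIN N`) at or before the REJECT's position. The script below is an added example, not part of the post or of system-config-securitylevel: it parses a constructed copy of the chain in iptables-save format, reports any rules that sit behind the REJECT, and prints the insert command for a port. The chain name and rules mirror the post; the interface `tun0`, the source network 10.8.0.0/24 and port 80 are assumptions used for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Finds rules that can never
# match because they follow the chain's REJECT, and builds the iptables
# command that opens one TCP port only for traffic arriving on a given
# interface from a given source network, inserted ahead of that REJECT.

# Constructed sample of the RH-Firewall-1-INPUT chain in iptables-save
# format, mirroring the post (its elided rules are left out). The last
# line is the post's appended "-i tun0" rule, sitting where "iptables -A"
# actually puts it: after the REJECT, so it is dead.
SAMPLE_RULES='-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -i tun0 -j ACCEPT'

# Rules of one chain, in chain order. $1 = chain name, $2 = iptables-save text.
chain_rules() {
    printf '%s\n' "$2" | grep "^-A $1 "
}

# 1-based position of the first unconditional REJECT/DROP in the chain
# (a rule with no match options before -j). "iptables -I CHAIN N" inserts
# before rule N, so this is the slot a new ACCEPT must take.
reject_rule_number() {
    chain_rules "$1" "$2" |
        awk -v c="$1" '$0 ~ "^-A " c " -j (REJECT|DROP)" { print NR; exit }'
}

# Every rule placed after that REJECT: the kernel never evaluates these.
shadowed_rules() {
    n=$(reject_rule_number "$1" "$2")
    [ -n "$n" ] || return 0
    chain_rules "$1" "$2" | awk -v n="$n" 'NR > n'
}

# Command that admits new TCP connections to port $4 only when they arrive
# on interface $2 from source network $3, inserted at the REJECT's position
# in chain $1. $5 = iptables-save text used to locate the REJECT.
open_port_cmd() {
    n=$(reject_rule_number "$1" "$5")
    printf 'iptables -I %s %s -i %s -s %s -m state --state NEW -m tcp -p tcp --dport %s -j ACCEPT\n' \
        "$1" "$n" "$2" "$3" "$4"
}

# Worked run against the constructed sample. On a live box replace
# "$SAMPLE_RULES" with "$(iptables-save)" to read the real chain.
echo "Rules the kernel never reaches:"
shadowed_rules RH-Firewall-1-INPUT "$SAMPLE_RULES"
echo "Command to run instead (interface, network and port are assumed):"
open_port_cmd RH-Firewall-1-INPUT tun0 10.8.0.0/24 80 "$SAMPLE_RULES"
```

Two caveats for the post's setup. The `-s 10.8.0.0/24` match is what keeps the opening narrow: `-i tun0` alone admits anything the VPN hands over, while the source match limits it to the VPN's own address range, so both are worth keeping. And because system-config-securitylevel regenerates the file and warns against manual edits, a rule added with `iptables -I` only persists if it is saved (`service iptables save` on that platform) and is lost the next time the tool rewrites the configuration; inspect the live chain with `iptables -L RH-Firewall-1-INPUT -n --line-numbers` after any change to confirm the ACCEPT sits above the REJECT.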