* INPUT and PORTS
@ 2006-11-01 12:49 plugthebox.net /dev/null
0 siblings, 0 replies; 3+ messages in thread
From: plugthebox.net /dev/null @ 2006-11-01 12:49 UTC (permalink / raw)
To: netfilter
Hello,
I want to do the following: accept incoming from 10.2.2.115 only,
restricting to ports 80,22.
Is this correct?
-P rules ...
-F rules ...
/sbin/iptables -A FORWARD -d 10.2.2.115 -j ACCEPT
/sbin/iptables -A FORWARD -s 10.2.2.115 -j ACCEPT
/sbin/iptables -A INPUT -s 10.2.2.115 -j ACCEPT
/sbin/iptables -A FORWARD -m multiport -p tcp --ports 80,22 -j ACCEPT
/sbin/iptables -A INPUT -m multiport -p tcp --ports 80,22 -j ACCEPT
Even though I saw this setup in many tutorials/howtos, whenever I want
to block 10.2.2.115 (by not listing him in the INPUT -j ACCEPT), that IP
can still connect to port 80 and 22.
Thanks
Sincerely,
^ permalink raw reply [flat|nested] 3+ messages in thread
* RE: INPUT and PORTS
@ 2006-11-01 13:35 anisha.chandrasekaran
0 siblings, 0 replies; 3+ messages in thread
From: anisha.chandrasekaran @ 2006-11-01 13:35 UTC (permalink / raw)
To: devnull, netfilter
I would like to have a little more clear idea on what you need to do
exactly????
That is, do you need to allow only 80 and 20 ports from the specified
IP?
In that case you can have
iptables -P FORWARD DROP
iptables -A FORWARD -p tcp -s 10.2.2.115 -m multiport --dports 80,22 -j ACCEPT
The above rule will allow only 80 and 22 requests from that IP. Is this
clear or am I not answering what you are asking????
Regards,
Anisha Chandrasekaran
^ permalink raw reply [flat|nested] 3+ messages in thread
* RE: INPUT and PORTS
@ 2006-11-01 13:41 ` plugthebox.net /dev/null
0 siblings, 0 replies; 3+ messages in thread
From: plugthebox.net /dev/null @ 2006-11-01 13:41 UTC (permalink / raw)
To: frnkblk; +Cc: netfilter
Hello,
But I still have other users that only need to access 80 and 22.
Let me clarify my setup.
I have 3 users (they're around 2000 but let's use 3 for now). I want them
all to be able to connect INPUT to ports 80 and 22. Sometimes I want to
block some users by not including them in the INPUT -s -j ACCEPT, but I
want to keep the other users' INPUT -s -j ACCEPT to use 80 and 22.
Thanks
On Wed, 2006-11-01 at 06:51 -0600, Frank Bulk wrote:
> That's because you still have a rule that matches, specifically:
> /sbin/iptables -A FORWARD -m multiport -p tcp --ports 80,22 -j ACCEPT
> /sbin/iptables -A INPUT -m multiport -p tcp --ports 80,22 -j ACCEPT
>
> Frank
^ permalink raw reply [flat|nested] 3+ messages in thread
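The following is an added example, not code from any poster in this thread. It generates INPUT rules in which every ACCEPT for ports 80 and 22 also names a source, so an address left off the allowlist falls through to the DROP policy, and it flags source-less ACCEPT rules such as the ones Frank quotes. The function names, the allowlist format and the sample addresses other than 10.2.2.115 are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Allowlist addresses are constructed.
PORTS="80,22"

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# gen_input_rules: read an allowlist on stdin (one address per line, blank
# lines and # comments ignored) and print the INPUT rules. Each ACCEPT carries
# both -s and --dports, so a source missing from the list matches nothing and
# falls through to the DROP policy. An invalid entry aborts with status 1.
gen_input_rules() {
    while read -r addr rest; do
        case "$addr" in ''|'#'*) continue ;; esac
        is_ipv4 "$addr" || { echo "bad address: $addr" >&2; return 1; }
        echo "iptables -A INPUT -p tcp -s $addr -m multiport --dports $PORTS -j ACCEPT"
    done
    echo "iptables -P INPUT DROP"
}

# unrestricted_accepts CHAIN: read iptables commands on stdin and print the
# ACCEPT rules appended to CHAIN that have no -s match, i.e. rules that
# accept the traffic from any source.
unrestricted_accepts() {
    grep -e "-A $1 .*-j ACCEPT" | grep -v -e ' -s ' || true
}

# Demo with a constructed allowlist: 10.2.2.115 is left out, i.e. blocked.
gen_input_rules <<'EOF'
# allowed users
10.2.2.116
10.2.2.117
EOF
```

The generator only prints commands; any other inbound traffic the host needs has to be accepted before the DROP policy is applied.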