Linux Netfilter discussions
From: /dev/rob0 <rob0@gmx.co.uk>
To: netfilter@lists.netfilter.org
Subject: Re: Getting Tftp to run with this Rule set
Date: Thu, 11 Aug 2005 12:37:12 -0500
Message-ID: <200508111237.12648.rob0@gmx.co.uk>
In-Reply-To: <42FB4FB2.5020904@us.ibm.com>

On Thursday 2005-August-11 08:16, Ralph Blach wrote:
> I have a Fedora 3 core 86_64 box running with this rule set as
> generated by the fedora firewall bring up.  Eth1 is a trusted

I haven't seen it recently, but I know that older versions of Fedora 
(and Red Hat) default firewalls are utterly useless. If you want to 
learn iptables yourself, fine; if not, look on freshmeat for something 
better. Just about anything you might find is probably better.

At this time I don't have something specific I can recommend. Before I 
learned iptables I used MonMotha's, but that's too complicated for my 
liking.

> What rule set do I add so that ports on eth1 above 1024 will be
> accessible on eth1 and tftp will work?

Wrong question. Use stateful inspection as described in the Packet 
Filtering HOWTO. The ipchains-style approach of opening high ports is a 
terrible idea, completely unnecessary with iptables.

I could answer your question, but I won't. It is documented in the 
manual, of course.

> Here is the rule set
> /etc/rc.d/init.d/iptables status

No, that's not. It doesn't tell us much at all. iptables-save(8) output 
is far more useful.
-- 
    mail to this address is discarded unless "/dev/rob0"
    or "not-spam" is in Subject: header
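
The stateful approach the reply points to, written out as an added example (not part of the original message or of the Packet Filtering HOWTO): one ESTABLISHED,RELATED rule plus the TFTP conntrack helper stands in for opening every port above 1024. The default-deny policy, the function name tftp_ruleset and the use of the CT target are assumptions; eth1 is the trusted interface named in the question.

```shell
#!/bin/sh
# Emit an iptables-restore(8) ruleset that handles TFTP statefully.
# Assumptions (not from the original post): default-deny INPUT, the trusted
# interface name is passed as $1, and the kernel has the TFTP conntrack helper.
tftp_ruleset() {
    iface=$1
    # Refuse anything that is not a plain interface name before it reaches a rule.
    case $iface in
        ''|*[!A-Za-z0-9._-]*) echo "invalid interface: '$iface'" >&2; return 1 ;;
    esac
    cat <<EOF
*raw
# Attach the TFTP helper to requests on udp/69. Recent kernels do not assign
# helpers automatically; 2005-era kernels only needed the helper module loaded.
-A PREROUTING -i $iface -p udp --dport 69 -j CT --helper tftp
-A OUTPUT -p udp --dport 69 -j CT --helper tftp
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Replies, and the data flow the helper marks RELATED, pass here. This is
# what replaces a blanket "--dport 1024:65535 -j ACCEPT" rule.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# The only port opened for new traffic: TFTP requests on the trusted side.
-A INPUT -i $iface -p udp --dport 69 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Print the ruleset when run directly; the default interface is a placeholder.
tftp_ruleset "${1:-eth1}"
```

Piping the output to `iptables-restore --test` as root checks that it parses without loading it.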

