From mboxrd@z Thu Jan 1 00:00:00 1970
From: /dev/rob0
Subject: Re: Getting Tftp to run with this Rule set
Date: Thu, 11 Aug 2005 12:37:12 -0500
Message-ID: <200508111237.12648.rob0@gmx.co.uk>
References: <42FB4FB2.5020904@us.ibm.com>
In-Reply-To: <42FB4FB2.5020904@us.ibm.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Sender: netfilter-bounces@lists.netfilter.org
Errors-To: netfilter-bounces@lists.netfilter.org
To: netfilter@lists.netfilter.org

On Thursday 2005-August-11 08:16, Ralph Blach wrote:
> I have a Fedora 3 core 86_64 box running with this rule set as
> generated by the fedora firewall bring up. Eth1 is a trusted

I haven't seen it recently, but I know that older versions of Fedora
(and Red Hat) default firewalls are utterly useless. If you want to
learn iptables yourself, fine; if not, look on freshmeat for something
better. Just about anything you might find is probably better.

At this time I don't have something specific I can recommend. Before I
learned iptables I used MonMotha's, but that's too complicated for my
liking.

> What rule set do I add so that ports on eth1 above 1024 will be
> accessible on eth1 and tftp will work?

Wrong question. Use stateful inspection as described in the Packet
Filtering HOWTO. The ipchains-style approach of opening high ports is a
terrible idea, completely unnecessary with iptables.

I could answer your question, but I won't. It is documented in the
manual, of course.

> Here is the rule set
> /etc/rc.d/init.d/iptables status

No, that's not. It doesn't tell us much at all. iptables-save(8) output
is far more useful.
-- 
mail to this address is discarded unless "/dev/rob0" or "not-spam" is in Subject: header
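
The following is an added example, not part of the original message or thread: a constructed ruleset in iptables-save(8) format showing the stateful approach next to the ipchains-style high-port rule it replaces. It assumes the host is a TFTP client, eth1 is the trusted interface, and the TFTP conntrack helper module is available; none of these details are confirmed by the thread.

```iptables
# Constructed example; load with iptables-restore(8).
# Assumption: the TFTP conntrack helper is loaded (ip_conntrack_tftp on
# 2.6-era kernels, nf_conntrack_tftp on later ones).

*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Kernels that no longer assign helpers automatically need the helper
# attached to the outgoing request explicitly. The CT target does not exist
# on 2005-era kernels, so the rule is left commented out here.
# -A OUTPUT -p udp -m udp --dport 69 -j CT --helper tftp
COMMIT

*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT

# ESTABLISHED: replies to flows this host started.
# RELATED: flows a conntrack helper has tied to an existing one. A TFTP
# server answers from a fresh UDP port rather than port 69, so its first
# data packet only matches here once the helper has seen the request.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# The ipchains-style rule this makes unnecessary, shown for contrast only.
# It exposes every unprivileged UDP service on the interface:
# -A INPUT -i eth1 -p udp -m udp --dport 1024:65535 -j ACCEPT

# If the host were the TFTP server instead, only the well-known port needs
# a NEW rule. The server's reply from its ephemeral port creates the
# conntrack entry on the way out, so the client's later packets to that
# port already match ESTABLISHED above.
# -A INPUT -i eth1 -p udp -m udp --dport 69 -m state --state NEW -j ACCEPT
COMMIT
```

With the default INPUT policy set to DROP, anything not matched by the state rule or an explicit NEW rule is discarded, so the ruleset stays closed when the helper is missing rather than failing open.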