[root@alanstudio]# vi /etc/sysconfig/iptables

Edit the configuration file that holds the firewall filter rules.



## Example in /etc/sysconfig/iptables

```
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
## VPN pptpd -------
-A RH-Firewall-1-INPUT -p gre -j ACCEPT
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 1723 -j ACCEPT
## pop3 & smtp & imap -------
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 110 -j ACCEPT
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 143 -j ACCEPT
## FTP -------
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 20 -j ACCEPT
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 21 -j ACCEPT
## FTP passive port -----
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 60000:60100 -j ACCEPT
## ssh -------
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 22 -j ACCEPT
## www -------
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 80 -j ACCEPT
## Reject all without icmp
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Generated by webmin
*mangle
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed
# Generated by webmin
*nat
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed
```
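A quick audit of a rule file in this format, as an added example that is not part of the original page: `open_ports` lists the ports accepted from any source, and `ends_with_reject` checks that the chain still ends in the catch-all REJECT, which matters because the built-in chain policies in this file are ACCEPT. The function names and the shortened sample file are constructed for illustration.

```shell
#!/bin/sh
# open_ports FILE [CHAIN]: print proto/port for every ACCEPT rule in the
# filter table that names a destination port and has no -s source limit.
open_ports() {
    awk -v chain="${2:-RH-Firewall-1-INPUT}" '
        /^\*/ { table = substr($1, 2); next }       # "*filter", "*nat", ...
        /^#/ || table != "filter" { next }          # skip comments, other tables
        $1 == "-A" && $2 == chain {
            proto = port = src = target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                else if ($i == "--dport") port = $(i + 1)
                else if ($i == "-s") src = $(i + 1)
                else if ($i == "-j") target = $(i + 1)
            }
            if (target == "ACCEPT" && port != "" && src == "")
                print proto "/" port
        }' "$1"
}

# ends_with_reject FILE [CHAIN]: succeed only if the last rule appended to
# the chain is an unconditional REJECT or DROP. With ACCEPT policies, that
# final rule is the only default-deny, and rules added after it never match.
ends_with_reject() {
    awk -v chain="${2:-RH-Firewall-1-INPUT}" '
        $1 == "-A" && $2 == chain { last = $0 }
        END { exit !(last ~ ("^-A " chain " -j (REJECT|DROP)( |$)")) }' "$1"
}

# Constructed sample: a shortened copy of the rule set above.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -j ACCEPT
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 60000:60100 -j ACCEPT
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
open_ports "$sample"
ends_with_reject "$sample" && echo "chain ends with REJECT/DROP"
```

To audit the live file, call `open_ports /etc/sysconfig/iptables` after each edit and compare the list with the services the host is meant to expose.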



Alan Studio © 2007 by Alan Cheung Hin Lun. All rights reserved.