iptables
Peter Abrahamsen
peidran at u.washington.edu
Tue Jun 25 22:52:37 PDT 2002
Cere,
In general, you'll also want things like:
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Course, if you're allowing everything from a certain host, period, I guess
that's superfluous with regard to that host.
Cheers,
Peter
On Tue, Jun 25, 2002 at 10:05:45PM -0700, Cere M. Davis wrote:
>
> Well it's me again. Replying to my own email queries. For anyone who
> cares to know, you have to add:
>
> iptables -A INPUT -s localhost -i lo -j ACCEPT
>
> to the list to get an nis client working.
>
> -Cere
>
> >
> > OK. I figured that one out:
> >
> > I need to add:
> >
> > iptables -A INPUT -f -j ACCEPT
> >
> > to allow all packet fragments except the first one through since NFS
> > requires this. But now I'm trying to get my iptables system to work as an
> > NIS client and still no dice.
> >
> > -Cere
> >
> > >
> > > I'm beginning to goof around with iptables and am trying to accomplish
> > > something dern simple. For starters I just want to try and allow
> > > all traffic outbound and only inbound traffic from one host.
> > >
> > > If I say:
> > >
> > > iptables --flush
> > > iptables -P OUTPUT ACCEPT
> > > iptables -P INPUT DROP
> > > iptables -A INPUT --src the.host.I.want -j ACCEPT
> > >
> > > and then try running
> > >
> > > rpcinfo -p the.host.I.want
> > >
> > > I get nothing. Zilch. Nodda. I must be missing something obvious here.
> > > Does anybody know?
> > >
> > >
> > > -Cere
> > >
> > > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> > > Cere Davis
> > > Unix Systems Administrator - CSDE
> > > cere at u.washington.edu ph: 206.685.5346
> > > https://staff.washington.edu/cere
> > >
> > > GnuPG Key http://staff.washington.edu/cere/gpgkey.txt
> > > Key fingerprint = B63C 2361 3B9B 8599 ECC9 D061 3E48 A832 F455 9E7FA
> > >
> > >
> > >
> > >
> >
>
--
Peter Abrahamsen
University of Washington, Seattle, WA, USA
Key 0x039922C0 : 259E 19C4 6FB4 1CA2 AC9D 75CE 8B5F 993D 0399 22C0
/ Ishmael remembers old Doc Benway saying: /
/ "You face death all the time /
/ And for that time you are immortal." /
- William S. Burroughs
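
Added example, not part of the original thread: the rules discussed above (default-drop INPUT, loopback, ESTABLISHED/RELATED, one trusted source) emitted as a single iptables-restore ruleset so their order is explicit. The function name emit_ruleset, the address 192.0.2.10 and the FORWARD policy are assumptions made for this example.

```shell
#!/bin/sh
# Added example: print the thread's rules in iptables-restore format.
# 192.0.2.10 is a constructed documentation address standing in for
# "the.host.I.want"; emit_ruleset is a name chosen for this example.

emit_ruleset() {
    trusted="$1"
    # Accept only digits, dots and an optional /prefix so that nothing
    # unexpected is interpolated into the ruleset text.
    case "$trusted" in
        ''|*[!0-9./]*) echo "usage: emit_ruleset IPV4[/PREFIX]" >&2; return 1 ;;
    esac
    cat <<EOF
*filter
:INPUT DROP [0:0]
# Assumption: this host does not route, so forwarding is dropped as well.
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback first: local RPC traffic (the thread needed it for the NIS client).
-A INPUT -i lo -j ACCEPT
# Replies to connections this host opened, such as DNS answers from a
# resolver that is not the trusted host.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# New inbound traffic is accepted from the trusted host only.
-A INPUT -s $trusted -j ACCEPT
# No "-f" rule: once the state match loads connection tracking, fragments
# are reassembled before the filter table sees them.
COMMIT
EOF
}

# Stand-alone run: print the ruleset for the placeholder address.
emit_ruleset 192.0.2.10
```

As root, the output can be piped to `iptables-restore --test` to parse it without committing the rules.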