1

I am trying to only allow port 22 TCP/UDP and port 80 TCP/UDP from anywhere using Fedora 15 iptables, and all the rest will be never accessible nor scannable from a public network.

But it never works for me, at the end I turned it off because I am scared it will block me to access even the port 22 myself.

So, my question is, how can I do this in Fedora 15? Block all except for 22, 80 TCP/UDP?

iptables -P INPUT ACCEPT

# Fresh start
iptables -F
# Localhost/ethernet 0 / yum installation allow
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i eth0 -j ACCEPT
iptables -A INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT

# SSH
iptables -A INPUT -p tcp –dport 22 -j ACCEPT
#iptables -A INPUT -s aa.bb.aa.bb -d xx.yy.xx.yy -p tcp -m tcp –dport 22 -j ACCEPT
iptables -A INPUT -d xx.yy.xx.yy -p tcp -m tcp –dport 22 -j ACCEPT

# other
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

# show
iptables -L -v
slhck
  • 223,558
  • 70
  • 607
  • 592
YumYumYum
  • 1,667
  • 7
  • 42
  • 66

1 Answers1

2

The easiest way to edit firewall configuration on Fedora is using the system-config-firewall tool. Just run system-config-firewall from X or system-config-firewall-tui and use the easy graphical/curses interface to set up your firewall rules.

Alternatively, the following /etc/sysconfig/iptables should do the trick:

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

Run service iptables restart when you are done. (You could also use the above arguments with iptables and then run service iptables save).

Remember, if you have IPv6 connectivity you must do something similar in /etc/sysconfig/ip6tables. system-config-firewall will automatically do this for you.

Patches
  • 16,136
  • 3
  • 55
  • 61