[CentOS] A little iptables help
Kirk Bocek
t004 at kbocek.com
Wed Sep 28 16:09:27 UTC 2005
Rodrigo Barbosa wrote:
>
> Humm, that should be relatively simple:
>
> iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j ACCEPT
> iptables -t nat -A PREROUTING -p tcp --destination-port 8000 -j DNAT --to-destination ${DESTINATION_SERVER}
>
> iptables -A FORWARD -p tcp --destination-port 8000 -d ${DESTINATION_SERVER} -s ${SOURCE1} -j ACCEPT
> iptables -A FORWARD -p tcp --destination-port 8000 -d ${DESTINATION_SERVER} -s ${SOURCE2} -j ACCEPT
> iptables -A FORWARD -p tcp --destination-port 8000 -d ${DESTINATION_SERVER} -s ${SOURCE3} -j ACCEPT
> iptables -A FORWARD -p tcp --destination-port 8000 -d ${DESTINATION_SERVER} -s ${SOURCE4} -j ACCEPT
> iptables -A FORWARD -p tcp --destination-port 8000 -d ${DESTINATION_SERVER} -j REJECT --reject-with tcp-reset
>
Rodrigo, wouldn't the port filtering take place in the INPUT chain?
iptables -P INPUT DROP
iptables -A INPUT -p tcp --destination-port 80 -j ACCEPT
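
The chain question raised in this thread can be traced with a small model of netfilter's traversal order for a new inbound TCP packet (nat PREROUTING, then the routing decision, then filter INPUT or FORWARD). This is an added example, not part of either post. The addresses are constructed documentation-range values, and the FORWARD policy of ACCEPT is an assumption (the iptables default), since the thread does not set it.

```python
# Simplified model of netfilter traversal for a new inbound TCP packet:
# nat/PREROUTING -> routing decision -> filter/INPUT or filter/FORWARD.
# All addresses are constructed (RFC 5737 documentation ranges).
GATEWAY = "192.0.2.1"                  # the box running iptables
DESTINATION_SERVER = "198.51.100.10"   # stands in for ${DESTINATION_SERVER}
SOURCES = ["203.0.113.1", "203.0.113.2", "203.0.113.3", "203.0.113.4"]

# Each rule is (match fields, target, argument); omitted fields match anything.
NAT_PREROUTING = [
    ({"dport": 80}, "ACCEPT", None),
    ({"dport": 8000}, "DNAT", DESTINATION_SERVER),
]
FILTER = {
    "INPUT": {"policy": "DROP", "rules": [({"dport": 80}, "ACCEPT", None)]},
    # FORWARD policy is an assumption: the thread never sets it.
    "FORWARD": {"policy": "ACCEPT", "rules": (
        [({"dport": 8000, "dst": DESTINATION_SERVER, "src": s}, "ACCEPT", None)
         for s in SOURCES]
        + [({"dport": 8000, "dst": DESTINATION_SERVER}, "REJECT", None)]
    )},
}

def first_match(rules, pkt):
    """Return (target, arg) of the first rule whose fields all match."""
    for match, target, arg in rules:
        if all(pkt[k] == v for k, v in match.items()):
            return target, arg
    return None, None

def traverse(src, dst, dport):
    """Return (filter chain consulted, verdict, destination after NAT)."""
    pkt = {"src": src, "dst": dst, "dport": dport}
    target, arg = first_match(NAT_PREROUTING, pkt)
    if target == "DNAT":
        pkt["dst"] = arg  # rewritten before the routing decision
    # Routing decision: local delivery goes to INPUT, everything else to FORWARD.
    chain = "INPUT" if pkt["dst"] == GATEWAY else "FORWARD"
    verdict, _ = first_match(FILTER[chain]["rules"], pkt)
    return chain, verdict or FILTER[chain]["policy"], pkt["dst"]

if __name__ == "__main__":
    for src, dport in [("203.0.113.1", 80), ("203.0.113.1", 8000),
                       ("203.0.113.99", 8000), ("203.0.113.99", 22)]:
        print(src, dport, traverse(src, GATEWAY, dport))
```

In this model a port 8000 packet has its destination rewritten in PREROUTING, so the routing decision sends it to FORWARD and the INPUT rules never see it; only traffic still addressed to the gateway itself (port 80 here) reaches INPUT.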