[CentOS] Security help desperately needed - more info
mouss
mouss at netoyen.net
Thu Feb 7 21:30:55 UTC 2008
Anne Wilson wrote:
> /etc/hosts is fine. All possible connections on the lan are correctly
> defined. dns resolution is via my isp, and again the IP addresses are
> correctly set. That leaves the security settings, where I believe the
> problem is. So, let's start with iptables. I've never worked directly with
> iptables before. I use shorewall when I set up the older server, a long time
> ago. /usr/share/doc/iptables... doesn't help. Does that mean that the man
> pages are the only help? Googling, I suppose. Any particular documents
> recommended?
>
do an
# iptables-save > somefile
edit somefile and put the following 4 lines "somewhere" (before the
lines that reject everything)
-A RH-Firewall-1-INPUT -p udp -m udp -s 192.168.0.0/24 --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp -s 192.168.0.0/24 --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 192.168.0.0/24 --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 192.168.0.0/24 --dport 445 -j ACCEPT
adjust the IP sources (the -s 192.168.0.0/24) as you need. I am assuming
that you have a rule like this:
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
then
# iptables-restore < somefile
if you're happy with that, then
# iptables-save > /etc/sysconfig/iptables
so that this survives a reboot.
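The edit step above (placing the four Samba rules before the line that rejects everything) done with a script rather than by hand, as an added example that is not from the original thread. The chain name RH-Firewall-1-INPUT and the four rules follow the post; the sample ruleset is constructed and nothing is loaded into the kernel.

```shell
#!/bin/sh
# Added example (not from the original post): insert the four Samba/CIFS
# ACCEPT rules into an iptables-save dump, just before the first rule in
# RH-Firewall-1-INPUT that rejects or drops everything, so they are
# evaluated first. Works on the saved text only.
# Usage: insert_samba_rules <saved-file> <lan-cidr> > newfile

insert_samba_rules() {
    saved="$1"
    lan="$2"
    awk -v lan="$lan" '
        # the first REJECT (or DROP) rule in RH-Firewall-1-INPUT is the
        # "reject everything" line the post refers to
        !done && /^-A RH-Firewall-1-INPUT / && /-j (REJECT|DROP)/ {
            printf "-A RH-Firewall-1-INPUT -p udp -m udp -s %s --dport 137 -j ACCEPT\n", lan
            printf "-A RH-Firewall-1-INPUT -p udp -m udp -s %s --dport 138 -j ACCEPT\n", lan
            printf "-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s %s --dport 139 -j ACCEPT\n", lan
            printf "-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s %s --dport 445 -j ACCEPT\n", lan
            done = 1
        }
        { print }
        END { if (!done) exit 1 }   # no reject line found: fail rather than silently append
    ' "$saved"
}

# Constructed sample dump in iptables-save format (not from a real host)
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# line number of the first REJECT/DROP in a ruleset, to check the ordering
reject_line() {
    grep -n -E -- '^-A RH-Firewall-1-INPUT .*-j (REJECT|DROP)' "$1" | head -n1 | cut -d: -f1
}

# Demo: apply to the constructed dump and print the result
tmpf=$(mktemp); printf '%s\n' "$SAMPLE_RULES" > "$tmpf"
insert_samba_rules "$tmpf" 192.168.0.0/24; rm -f "$tmpf"
```

The output is what you would feed to iptables-restore and, once it works, save to /etc/sysconfig/iptables as described above.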