Linux firewall: iptables examples and a saved rule set

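# Allow inbound TCP connections to a single port (here 22) from ANY source address.
# NOTE(review): there is no -s match, so the port is reachable from everywhere;
# add one (e.g. -s 10.10.10.0/24) when only known networks need access.
# (The original used a typographic en-dash for the long options; they must be "--".)
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT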

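# Allow inbound TCP connections to a contiguous range of ports (4889 through 4897,
# inclusive) from any source address. Ranges are written low:high with --dport.
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 4889:4897 -j ACCEPT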

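# Allow a source network access to one port: here 192.168.0.0/24 (192.168.0.*)
# to TCP port 1521. The netmask may be written as a prefix length (/24) or dotted
# (255.255.255.0); both mean the same thing to iptables.
iptables -A INPUT -s 192.168.0.0/24 -p tcp -m state --state NEW -m tcp --dport 1521 -j ACCEPT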

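# Replace the rule at position 1 of the INPUT chain (positions start at 1).
# -R overwrites whatever is at that position, so check the numbering first:
#   iptables -L INPUT -n --line-numbers
# Positions shift whenever rules are inserted or deleted above them.
iptables -R INPUT 1 -p tcp -s 192.168.0.0/24 --dport 80 -j ACCEPT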

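# Accept ICMP only from 10.10.10.0/24. On its own this rule blocks nothing;
# ICMP from other sources is dropped only because the chain ends in a
# catch-all REJECT (see the saved rule set below).
# --important-- -R replaces the rule currently at position 2; use -A to append
# or -I to insert a new rule instead. Most stock rule sets already contain an
# ICMP rule, which is why replacing (-R) is used here. Verify the position with
#   iptables -L INPUT -n --line-numbers
# before running this, or you will overwrite an unrelated rule.
iptables -R INPUT 2 -p icmp -s 10.10.10.0/24 -j ACCEPT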

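# my firewall rules
# -R updates the pre-existing rule at position 2 (the ICMP rule on this host,
# see the saved /etc/sysconfig/iptables below); everything else is an addition.
# Confirm the position first:  iptables -L INPUT -n --line-numbers
iptables -R INPUT 2 -p icmp -s 10.10.10.0/24 -j ACCEPT
# -A appends to the END of the chain. If the chain already ends in a REJECT or
# DROP rule these would land after it and never match -- in that case insert
# them in front of it with -I INPUT <position> instead.
# NOTE(review): the next five rules carry no -s match, so these ports accept
# new connections from any source address. Restrict them to the networks that
# actually need access wherever possible, as is done for 7803 below.
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 1159 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 1521 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 4889:4897 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 4899:4908 -j ACCEPT
# port 7803 only from 10.10.10.0/24 (/24 is the same as 255.255.255.0).
# The original listed this rule twice with the arguments in a different order;
# the second copy can never match, so only one is kept.
iptables -A INPUT -s 10.10.10.0/24 -p tcp -m state --state NEW -m tcp --dport 7803 -j ACCEPT
# Catch-all: anything not accepted above is rejected, and the sender gets an
# ICMP host-prohibited error. Keep this as the last rule in the chain.
iptables -A INPUT -j REJECT --reject-with icmp-host-prohibited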

/etc/sysconfig/iptables (the saved rule set, as written by iptables-save):

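# Generated by iptables-save v1.4.7 on Tue Feb 12 12:20:18 2013
# (long options must be spelled with two ASCII hyphens, "--"; the original
#  page had them mangled into en-dashes, which iptables-restore rejects)
*filter
# NOTE(review): the INPUT policy is ACCEPT; the chain is closed only by the
# explicit REJECT rule at its end. If that rule is ever deleted or a new rule
# is appended after it, the policy does not protect you. A DROP policy
# (:INPUT DROP) would fail closed instead.
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [85971:45164444]
# traffic belonging to, or related to, connections already being tracked
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# ICMP only from 10.10.10.0/24; ICMP from anywhere else falls through to the final REJECT
-A INPUT -s 10.10.10.0/24 -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
# NOTE(review): the next five rules have no -s match, so these ports accept
# new connections from any source address. Restrict them to the networks that
# need access where possible (the 7803 rule below shows the pattern).
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 1159 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 1521 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 4889:4897 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 4899:4908 -j ACCEPT
-A INPUT -s 10.10.10.0/24 -p tcp -m state --state NEW -m tcp --dport 7803 -j ACCEPT
# catch-all: must stay the last rule in INPUT; anything appended after it is never reached
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Tue Feb 12 12:20:18 2013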

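# it might be this rule...
# This is the 10.10.10.0/24 -> port 7803 rule again, with -s placed after the
# -m tcp match instead of before -p. iptables treats both spellings as the same
# match, so only one copy is needed; a second identical ACCEPT never matches.
iptables -A INPUT -p tcp -m state --state NEW -m tcp -s 10.10.10.0/24 --dport 7803 -j ACCEPT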
