Ignore:
Timestamp:
Aug 3, 2008, 12:53:23 PM (16 years ago)
Author:
geofft
Message:
Fix some stuff about our iptables rules, including:
- Remove ACCEPT rules where the default is ACCEPT.
- We don't run NFS anymore; punt those rules.
- hodge-podge doesn't exist anymore; punt those rules.
- Blocking MIT Google wholesale is probably a bad idea.
File:
1 edited

Legend:

Unmodified
Added
Removed
  • server/fedora/config/etc/sysconfig/iptables

    r715 r787  
    2020*filter
    2121:INPUT ACCEPT [292118:164733476]
    22 -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    23 -A INPUT -p tcp -m tcp --dport 5666 -s 18.181.0.65/255.255.255.255 -j ACCEPT
    24 -A INPUT -p tcp -m tcp --dport 5666 -s ! 18.187.1.128/255.255.255.255 -j REJECT
    25 -A INPUT -p tcp -m tcp --dport 199 -s ! 18.187.1.128/255.255.255.255 -j REJECT
    2622-A INPUT -p udp -m udp --dport 161 -s ! 18.0.0.0/8 -j REJECT
    27 -A INPUT -p tcp -m tcp -m state --state NEW -m multiport --dports 111,2049 -s 127.0.0.1/255.0.0.0 -j ACCEPT
    28 -A INPUT -p tcp -m tcp -m state --state NEW -m multiport --dports 111,2049 -s 18.181.0.53/255.255.255.255 -j ACCEPT
    29 -A INPUT -p tcp -m tcp -m state --state NEW -m multiport --dports 111,2049 -s 18.181.0.57/255.255.255.255 -j ACCEPT
    30 -A INPUT -p tcp -m tcp -m state --state NEW -m multiport --dports 111,2049 -j REJECT
    31 -A INPUT -p udp -m udp -m state --state NEW -m multiport --dports 111,2049 -s 127.0.0.1/255.0.0.0 -j ACCEPT
    32 -A INPUT -p udp -m udp -m state --state NEW -m multiport --dports 111,2049 -s 18.181.0.53/255.255.255.255 -j ACCEPT
    33 -A INPUT -p udp -m udp -m state --state NEW -m multiport --dports 111,2049 -s 18.181.0.57/255.255.255.255 -j ACCEPT
    34 -A INPUT -p udp -m udp -m state --state NEW -m multiport --dports 111,2049 -j REJECT
    35 -A INPUT -s 18.7.7.102/255.255.255.255 -j REJECT
    3623:FORWARD ACCEPT [0:0]
    3724:OUTPUT ACCEPT [500523:537785790]
Note: See TracChangeset for help on using the changeset viewer.