Mailinglist Archive: opensuse (4570 mails)
A question for the iptables gurus. :)
- From: Ben Rosenberg <red.kryptonite@xxxxxxxxx>
- Date: Fri, 4 Nov 2005 04:44:05 +0000 (UTC)
- Message-id: <e8fb47930511032044p4bf25997gfb16a57962efb89d@xxxxxxxxxxxxxx>
I'm trying to write some iptables rules so that I can let someone
telnet to machines on a 10.0.0.0 network but not allow them to telnet
anywhere else.. effectively blocking outbound telnet to ANYTHING
except the machines on the 10.0.0.0 network. I thought I had it but I
guess I don't. The rules are as follows...

# allow outgoing telnet traffic
/usr/sbin/iptables -A FORWARD -p TCP -i eth2 -d 10.0.0.0/8 --dport 23 -j ACCEPT
# block all other outgoing telnet traffic
/usr/sbin/iptables -A FORWARD -p TCP -i eth2 -d 0/0 --dport 23 -j DROP

This machine is a Compaq DL760 with 2 dual port 10/100 cards in it and
eth2 is the first port on card 2.
Any help would be appreciated.
Thanks!
-Ben
--
Atheism is a non-prophet organization.
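
An added illustration, not part of the post above and not a diagnosis of that machine: a small Python model of which packets the two rules as written can match. It relies on standard netfilter behaviour (FORWARD sees only routed packets, and -i eth2 matches only packets arriving on eth2); the ACCEPT chain policy, the empty OUTPUT chain and the sample packets are assumptions constructed for the example.

```python
import ipaddress

# The two FORWARD rules from the post: (in_iface, proto, dst_net, dport, target).
FORWARD_RULES = [
    ("eth2", "tcp", ipaddress.ip_network("10.0.0.0/8"), 23, "ACCEPT"),
    ("eth2", "tcp", ipaddress.ip_network("0.0.0.0/0"), 23, "DROP"),
]

def pkt(dst, dport=23, in_iface="eth2", origin="routed", proto="tcp"):
    """Build a constructed sample packet; origin is 'routed' or 'local'."""
    return {"dst": ipaddress.ip_address(dst), "dport": dport,
            "in_iface": in_iface, "origin": origin, "proto": proto}

def verdict(p, policy="ACCEPT"):
    """Return (chain, target, rule_number); rule_number is None when the
    chain policy (assumed ACCEPT here) decided instead of a rule."""
    # Locally generated packets traverse OUTPUT and never reach FORWARD.
    # Assumption: the OUTPUT chain holds no rules of its own.
    if p["origin"] == "local":
        return ("OUTPUT", policy, None)
    # First matching rule wins, as in a real chain.
    for n, (iface, proto, net, dport, target) in enumerate(FORWARD_RULES, 1):
        if (p["in_iface"] == iface and p["proto"] == proto
                and p["dst"] in net and p["dport"] == dport):
            return ("FORWARD", target, n)
    return ("FORWARD", policy, None)

if __name__ == "__main__":
    # Constructed sample traffic; 192.0.2.10 is a documentation address.
    samples = {
        "routed via eth2 to 10.1.2.3:23": pkt("10.1.2.3"),
        "routed via eth2 to 192.0.2.10:23": pkt("192.0.2.10"),
        "routed via eth0 to 192.0.2.10:23": pkt("192.0.2.10", in_iface="eth0"),
        "telnet started on the firewall itself": pkt(
            "192.0.2.10", in_iface=None, origin="local"),
    }
    for label, p in samples.items():
        print(f"{label:40} -> {verdict(p)}")
```

On a live system, the per-rule packet counters shown by `iptables -L FORWARD -v -n` indicate whether either rule is being hit at all.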