Code:
iptables -A INPUT -i eth0 -s 192.168.1.0/255.255.255.0 -p tcp -m multiport --destination-ports 80,137,138,139,445 -j ACCEPT
iptables -A INPUT -i eth0 -s 192.168.1.0/255.255.255.0 -p udp -m multiport --destination-ports 80,137,138,139,445 -j ACCEPT
So, I want to restrict access to only those ports that I need.
Question: should I also add
Code:
iptables -A INPUT -i eth0 -s 192.168.1.0/255.255.255.0 -p icmp -j ACCEPT
in order to let ICMP packets through as well?
The following is already defined:
Code:
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Will this last rule let through all the necessary ICMP packets, or do I really need the rule above?
I don't want anything passing through the firewall that doesn't have to. ;)
Thanks in advance.
"I'd take the awe of understanding over the awe of ignorance any day."
- Douglas Adams