- Posts: 52
- Thank you received: 0
Linux Firewall
18 years 11 months ago #12085
by gainil
Linux Firewall was created by gainil
Hi,
I have network consisting of Linux (RedHat 8,9 and Fedora) + Windows (All Versions) PCs. I use mount //servername/sharename -o username=username from Linux PC to access the files shared on windows machine. This thing works when the Firewall is fully disabled, I want to know how can i use customize firewall option to use only FTP, Telnet, SAMBA, WWW. Kindly tell me which port is to be opend if i want to connect to a windows PC for the above purpose.
To Enable/Disable/Customize firewall on RedHat Linux 9 I do :
#setup - then go to Firewall - then select the appropriate tab.
Kindly tell me how can i do the same from command prompt.
Thanks in advance and Merry X'Mas to all !!
gainil !!
I have network consisting of Linux (RedHat 8,9 and Fedora) + Windows (All Versions) PCs. I use mount //servername/sharename -o username=username from Linux PC to access the files shared on windows machine. This thing works when the Firewall is fully disabled, I want to know how can i use customize firewall option to use only FTP, Telnet, SAMBA, WWW. Kindly tell me which port is to be opend if i want to connect to a windows PC for the above purpose.
To Enable/Disable/Customize firewall on RedHat Linux 9 I do :
#setup - then go to Firewall - then select the appropriate tab.
Kindly tell me how can i do the same from command prompt.
Thanks in advance and Merry X'Mas to all !!
gainil !!
18 years 11 months ago #12097
by nske
Replied by nske on topic Re: Linux Firewall
You can do this by defining a default deny policy in your ruleset, and only passing traffic directed to the (default) ports:
Thanks to the stateful inspection feature you should not have any problems even for protocols that require initiating or accepting multiple connections in different ports like ftp, so you can set a default-deny policy to both incoming & outgoing traffic -correct me if I'm wrong.
You can customize the iptables ruleset more directly by editing the source file that is loaded by the init script (the init script should be located in /etc/init.d/iptables). I think on fedora/redhat the default ruleset file lays somewhere in /etc/sysconfig. You can also control the firewall through the init script, i.e. to restart, "/etc/init.d/iptables restart".
If you need a reference for the syntax, there are some great tutorials/howtos at the official site, www.netfilter.org/documentation/index.html .
If there's any problem let us know
Merry Christmas!
Telnet: 23 TCP
FTP: 21 TCP
SAMBA: 137, 138, 139 & 445 TCP & UDP
HTTP: 80 TCP
Thanks to the stateful inspection feature you should not have any problems even for protocols that require initiating or accepting multiple connections in different ports like ftp, so you can set a default-deny policy to both incoming & outgoing traffic -correct me if I'm wrong.
You can customize the iptables ruleset more directly by editing the source file that is loaded by the init script (the init script should be located in /etc/init.d/iptables). I think on fedora/redhat the default ruleset file lays somewhere in /etc/sysconfig. You can also control the firewall through the init script, i.e. to restart, "/etc/init.d/iptables restart".
If you need a reference for the syntax, there are some great tutorials/howtos at the official site, www.netfilter.org/documentation/index.html .
If there's any problem let us know
Merry Christmas!
Time to create page: 0.131 seconds