LVS
lvs-users
[Top] [All Lists]
Google
 
Web LinuxVirtualServer.org
<prev [Date] next> <prev [Thread] next>

Re: inserting iptables rules

from [Derek Glidden] [Permanent Link]
To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: inserting iptables rules
From: Derek Glidden <dglidden@xxxxxxxxxxxxxxx>
Date: Wed, 16 May 2001 12:09:54 -0400 
Joseph Mack wrote:
> 
> I've looked in all the HOWTO's etc
> 
> I'm writing iptables rules for the configure script.
> [....]
> 3. I could just start with an empty chain called SERVICES
> and add at line 1 in that. That would appear to work

If I understand the question, this would be the easiest way to go about
it.  You'd start with something like this (INPUT or whatever default
table you're modifying):

iptables -A INPUT -p tcp --dport 22 -s 192.168.1.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -s 192.168.1.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -s 192.168.1.0/24 -j ACCEPT
iptables -A INPUT -j SERVICES
iptables -A INPUT -j DROP

then change/modify the SERVICES chain to your heart's content to
add/remove new rules.  That way you can do stuff like this if you need
to start allowing SMTP for example:

iptables -A SERVICES -p tcp --dport 25 -s 192.168.1.0/24 -j ACCEPT

and the rulechain starts to accept SMTP.  If you need to remove it, you
can delete with the same parameters:

iptables -D SERVICES -p tcp --dport 25 -s 192.168.1.0/24

By doing it that way, you can just "-A"ppend new rules to the SERVICES
chain without having to fiddle with where to "-I"nsert, and then
"-D"elete a rule using the same parameters you used to insert and again
don't have to know what rule # that rule was.

-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
#!/usr/bin/perl -w
$_='while(read+STDIN,$_,2048){$a=29;$b=73;$c=142;$t=255;@t=map
{$_%16or$t^=$c^=($m=(11,10,116,100,11,122,20,100)[$_/16%8])&110;
$t^=(72,@z=(64,72,$a^=12*($_%16-2?0:$m&17)),$b^=$_%64?12:0,@z)
[$_%8]}(16..271);if((@a=unx"C*",$_)[20]&48){$h=5;$_=unxb24,join
"",@b=map{xB8,unxb8,chr($_^$a[--$h+84])}@ARGV;s/...$/1$&/;$d=
unxV,xb25,$_;$e=256|(ord$b[4])<<9|ord$b[3];$d=$d>>8^($f=$t&($d
>>12^$d>>4^$d^$d/8))<<17,$e=$e>>8^($t&($g=($q=$e>>14&7^$e)^$q*
8^$q<<6))<<9,$_=$t[$_]^(($h>>=8)+=$f+(~$g&$t))for@a[128..$#a]}
print+x"C*",@a}';s/x/pack+/g;eval 

usage: qrpff 153 2 8 105 225 < /mnt/dvd/VOB_FILENAME \
    | extract_mpeg2 | mpeg2dec - 

http://www.eff.org/                    http://www.opendvd.org/ 
         http://www.cs.cmu.edu/~dst/DeCSS/Gallery/
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  inserting iptables rules, Joseph Mack
Next by Date:  Re: inserting iptables rules, Joseph Mack
Previous by Thread:  inserting iptables rules, Joseph Mack
Next by Thread:  Re: inserting iptables rules, Joseph Mack
Indexes:  [Date] [Thread] [Top] [All Lists]