network:firewall

network:firewall [2016/02/03 20:58]
walter created
network:firewall [2016/02/04 21:38]
walter [How to Open a Port]
Line 4: Line 4:
  
 ====== How to Open a Port ====== ====== How to Open a Port ======
 +<WRAP center round important 60%>
 +Don't forget to save the new config with **iptables-save > /​etc/​iptables/​iptables.conf** unless editing the config directly. ​
 +</​WRAP>​
  
-FIXME+**First** gather the list of ports you need on which protocol.  
 + 
 +===== INPUT Chain ===== 
 +This allows the port to make it through the INPUT chain and onto forwarding. \\ 
 +The affects the INPUT chains for ALL network devices, although loopback is handled prior to this. \\ 
 +Use the -i <​interface>​ flag to restrict the rule to one network interface.\\ 
 +==== Single Port ==== 
 +<​code>​ 
 +iptables -A <​TCP|UDP>​ -p <​tcp|udp>​ -m <​tcp|udp>​ --dport <​port>​ -j ACCEPT 
 +</​code>​ 
 +==== Multiple Ports ==== 
 +<​code>​ 
 +iptables -A <​TCP|UDP>​ -p <​tcp|udp>​ -m multiport --dports <​port1>,<​port2>,​...,<​portN>​ -j ACCEPT 
 +</​code>​ 
 +===== FORWARD Chain ===== 
 + 
 +If this interface has not been added to the list of interfaces allowed to forward packets between them, you must first add it with. 
 +<​code>​ 
 +iptables -A fw-interfaces -i <​interface>​ -j ACCEPT 
 +</​code>​ 
 +Afterwards, you can add the rules that forward ports to specific machines.  
 +==== Single Port ==== 
 +<​code>​ 
 +iptables -A fw-open -d <​x.x.x.x/​32>​ -p <​tcp|udp>​ -m <​tcp|udp>​ --dport <​port>​ -j ACCEPT 
 +</​code>​ 
 +==== Multiple Ports ==== 
 +<​code>​ 
 +iptables -A fw-open -d <​x.x.x.x/​32>​ -p <​tcp|udp>​ -m multiport --dports<​port1>,<​port2>,​...,<​portN>​ -j ACCEPT 
 +</​code>​
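Review bot: the FORWARD "Multiple Ports" rule is missing the space between `--dports` and the port list (`--dports<port1>,<port2>,...`), which iptables rejects as an unrecognised option; it should match the INPUT section and read `--dports <port1>,<port2>,...,<portN>`. The targets `-A <TCP|UDP>`, `-A fw-interfaces` and `-A fw-open` append to user-defined chains that must already exist and be referenced from INPUT/FORWARD, but the page never says where they are created; a sentence pointing at the base firewall setup (or noting that `iptables -N` is needed first) would save a reader from "No chain/target/match by that name". Two wording nits in the same hunk: "The affects the INPUT chains" should read "This affects the INPUT chain", and "you must first add it with." should drop the period, since the command follows on the next line.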
network/firewall.txt · Last modified: 2021/05/02 21:36 (external edit)