[clug] Firewall rules for CentOS 4.4

Ben shadroth at gmail.com
Sat Mar 10 07:10:04 GMT 2007

I have a CentOS 4.4 box with:
eth0: 192.168.1.x subnet:
eth1: 192.168.2.x subnet:

I'm using NFS and restricting access by port range and I want to have access to stuff that doesn't.

I thought that by having separate NICs on separate networks, each with
their own subnet would address this issue, but if someone sets up a
192.168.2.x address on the same network as eth0 (and anyone could do
this), I was told there might be a possibility of them doing something
to the NFS share intended for the subnet.

I want to create an iptables rule that drops any packets coming in
through eth0 that have anything to do with just to be
on the safe side.

After reading the man pages I've come up with the following, to be put
at the top of the rules in /etc/sysconfig/iptables (just before the
other rules starting with "-A RH-Firewall-1")

-A RH-Firewall-1-INPUT -i eth0 -s -j DROP
-A RH-Firewall-1-INPUT -i eth0 -d -j DROP

Will this do what I want?
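The anti-spoofing idea in the post, worked through as an added example (this is not code from the post or from CentOS; it assumes the network behind eth1 is 192.168.2.0/24, which the post only gives as "192.168.2.x"). `antispoof_rules` prints the two rule lines in the format of /etc/sysconfig/iptables, and `verdict` is a small stand-in for the packet matcher so the effect of the rules can be checked without touching a live firewall: a packet arriving on eth0 that claims a source or destination inside eth1's subnet is dropped, everything else continues to the rules below.

```shell
#!/bin/sh
# Added example, not part of the original post. Assumptions: the guarded
# interface is eth0 and eth1's network is 192.168.2.0/24 (the post says
# only "192.168.2.x").
GUARD_IFACE=eth0
GUARD_NET=192.168.2.0/24

# ip2int DOTTED-QUAD -> the address as an unsigned integer.
# Runs in a subshell so the IFS change does not leak to the caller.
ip2int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# in_subnet IP CIDR -> succeeds when IP lies inside CIDR (e.g. 192.168.2.0/24).
in_subnet() {
    net=${2%/*}
    bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

# antispoof_rules IFACE CIDR -> the two lines to put ahead of the existing
# RH-Firewall-1-INPUT rules: drop anything on IFACE sourced from, or
# addressed to, the other interface's subnet.
antispoof_rules() {
    printf -- '-A RH-Firewall-1-INPUT -i %s -s %s -j DROP\n' "$1" "$2"
    printf -- '-A RH-Firewall-1-INPUT -i %s -d %s -j DROP\n' "$1" "$2"
}

# verdict IFACE SRC DST -> what those two rules do with such a packet.
# Prints DROP if either rule matches, otherwise PASS (the packet goes on
# to the rest of the chain, where the normal accept/reject rules apply).
verdict() {
    if [ "$1" = "$GUARD_IFACE" ] &&
       { in_subnet "$2" "$GUARD_NET" || in_subnet "$3" "$GUARD_NET"; }; then
        echo DROP
    else
        echo PASS
    fi
}

# Demo: the rule text, then a few constructed packets.
antispoof_rules "$GUARD_IFACE" "$GUARD_NET"
printf '%s  eth0 192.168.2.50 -> 192.168.1.1  (spoofed source on eth0)\n' \
    "$(verdict eth0 192.168.2.50 192.168.1.1)"
printf '%s  eth0 192.168.1.10 -> 192.168.1.1  (ordinary eth0 traffic)\n' \
    "$(verdict eth0 192.168.1.10 192.168.1.1)"
printf '%s  eth1 192.168.2.50 -> 192.168.2.1  (legitimate eth1 traffic)\n' \
    "$(verdict eth1 192.168.2.50 192.168.2.1)"
```

Because the CentOS default configuration sends both INPUT and FORWARD through RH-Firewall-1-INPUT, the same two lines also stop the box from forwarding such packets. The simulation only models these two rules; it says nothing about what the rules after them accept, which is why a non-matching packet is reported as PASS rather than ACCEPT.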

