[clug] Firewall rules for CentOS 4.4

Ben shadroth at gmail.com
Sat Mar 10 07:10:04 GMT 2007


I have a CentOS 4.4 box with:
eth0: 192.168.1.x subnet: 255.255.255.0
eth1: 192.168.2.x subnet: 255.255.255.0


I'm using NFS and restricting access by port range and I want
192.168.2.0/24 to have access to stuff that 192.168.1.0/24 doesn't.

I thought that by having separate NICs on separate networks, each with
their own subnet would address this issue, but if someone sets up a
192.168.2.x address on the same network as eth0 (and anyone could do
this), I was told there might be a possibility of them doing something
to the NFS share intended for the 192.168.2.0/24 subnet.

I want to create an iptables rule that drops any packets coming in
through eth0 that have anything to do with 192.168.2.0/24 just to be
on the safe side.

After reading the man pages I've come up with the following, to be put
at the top of the rules in /etc/sys-config/iptables (just before the
other rules starting with "-A RH-Firewall-1")

-A RH-Firewall-1-INPUT -i eth0 -s 192.168.2.0/24 -j DROP
-A RH-Firewall-1-INPUT -i eth0 -d 192.168.2.0/24 -j DROP

Will this do what I want?
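As an added check (example script, not from the poster or the clug thread): this POSIX shell function reads an iptables-save style rules file like the one described above and confirms that both eth0 DROP rules are present and sit before the first ACCEPT in RH-Firewall-1-INPUT, since a chain is evaluated top to bottom and a DROP placed after the lo or ESTABLISHED,RELATED ACCEPTs would never see those packets. The rules file used here is constructed inline to resemble a CentOS 4 default and the helper names are my own.

```shell
#!/bin/sh
# Added example: verify anti-spoofing DROP rules are ordered before any ACCEPT
# in the RH-Firewall-1-INPUT chain of an iptables-save style file.
# Usage: check_spoof_rules <rules_file> <iface> <network/cidr>
# Returns 0 if both DROP rules exist and precede the first ACCEPT, 1 otherwise.
check_spoof_rules() {
    rules_file="$1"; iface="$2"; net="$3"
    # Line numbers (file order = evaluation order within the chain)
    first_accept=$(grep -n -- "^-A RH-Firewall-1-INPUT .*-j ACCEPT" "$rules_file" \
        | head -n1 | cut -d: -f1)
    src_drop=$(grep -n -- "^-A RH-Firewall-1-INPUT -i $iface -s $net -j DROP" "$rules_file" \
        | head -n1 | cut -d: -f1)
    dst_drop=$(grep -n -- "^-A RH-Firewall-1-INPUT -i $iface -d $net -j DROP" "$rules_file" \
        | head -n1 | cut -d: -f1)
    # Both DROP rules must be present at all
    [ -n "$src_drop" ] && [ -n "$dst_drop" ] || return 1
    # No ACCEPT in the chain means nothing can shadow the DROPs
    [ -z "$first_accept" ] && return 0
    [ "$src_drop" -lt "$first_accept" ] && [ "$dst_drop" -lt "$first_accept" ]
}

# Constructed sample resembling a CentOS 4 /etc/sysconfig/iptables.
# make_sample <output_file> good|bad   (bad = DROPs placed after the ACCEPTs)
make_sample() {
    out="$1"; order="$2"
    drops='-A RH-Firewall-1-INPUT -i eth0 -s 192.168.2.0/24 -j DROP
-A RH-Firewall-1-INPUT -i eth0 -d 192.168.2.0/24 -j DROP'
    accepts='-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    {
        printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' \
            ':RH-Firewall-1-INPUT - [0:0]' '-A INPUT -j RH-Firewall-1-INPUT'
        if [ "$order" = good ]; then
            printf '%s\n' "$drops" "$accepts"
        else
            printf '%s\n' "$accepts" "$drops"
        fi
        printf '%s\n' '-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited' 'COMMIT'
    } > "$out"
}

# Stand-alone run: report on both constructed orderings
tmpf=$(mktemp)
make_sample "$tmpf" good
check_spoof_rules "$tmpf" eth0 192.168.2.0/24 && echo "good ordering: DROPs precede ACCEPTs"
make_sample "$tmpf" bad
check_spoof_rules "$tmpf" eth0 192.168.2.0/24 || echo "bad ordering: DROPs shadowed by ACCEPTs"
rm -f "$tmpf"
```

Point it at the live rules file (iptables-save > /tmp/rules.txt) to confirm the ordering after editing.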

