block port allowing localhost ip for that port only 2004-02-13 - By Pete Nesbitt
On February 12, 2004 08:49 am, Baltasar Caramés wrote:
> hi, i need to block port 8080 and allow only the localhost ip, i'm new
> at linux and i have no idea how to do this, do i have to download ipfilter
> or there's already a way to do that in the system.
>
> My linux is red
> hat 7.3 and i'm working via telnet so i don't have any visual environment,
> if anybody can help me i would really appreciate it, thx,
> byee

Hi Baltasar,

First, you should use plain text (not html) for your posts, presuming hotmail
lets you do that(?).

I believe RH 7.3 comes with both IPchains and IPtables. You want to use
IPtables (netfilter). However, it is probably simpler to set apache to bind
only to 127.0.0.1:8080.

Look for something like:
    Listen 8080
and change it to:
    Listen 127.0.0.1:8080

Of course, adding IPtables filtering will enhance that, plus allow you to offer
port 80 to the world if you want. You may want to get a fresh copy as the one
that shipped with RH7.3 would be dated. I would grab a new iptables from
netfilter. (Removing the old rpm first may keep things simple, or you may end
up with multiple binaries etc.)

IPtables can be set up in many ways. I put a sample of a _very_ simple
firewall to run on a single system (1 nic only, not a 2 or 3 way firewall) at
http://nesbitt.yi.org/downloads/iptables.txt

It will allow web requests on port 80, and that's about it. I have left out
lots of paranoid checks, logs, etc. but it should get you going.

It replaces (save a backup, it was created as [untested] cut 'n' paste)
"/etc/init.d/rc.d/iptables" (and may need editing for path to iptables etc)

Once that is in place, see what is running:
    service ipchains status (or /etc/init.d/rc.d/ipchains status)
    service iptables status (or /etc/init.d/rc.d/iptables status)

You may need to stop IPchains, and then start iptables:
    service ipchains stop (or /etc/init.d/rc.d/ipchains stop)
    service iptables start (or /etc/init.d/rc.d/iptables start)

or, if no chains are running, just restart iptables:
    service iptables restart (or /etc/init.d/rc.d/iptables restart)

To make that permanent:
    chkconfig ipchains off
    chkconfig iptables on

Hope that makes some sense.
--
Pete Nesbitt, rhce
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@(protected)?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
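
One way to confirm that the `Listen 127.0.0.1:8080` change suggested in the message above took effect, as an added example that is not part of the original message: the function reads `netstat -ltn` output and reports any non-loopback address still listening on the port. The function name `exposed_listeners` and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original message. Sample output is constructed.

# exposed_listeners PORT
# Reads `netstat -ltn` output on stdin and prints every local address that
# listens on TCP PORT and is not a loopback address.
# Returns 0 if PORT is loopback-only (or unused), 1 if it is exposed.
exposed_listeners() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            addr = $4
            n = split(addr, part, ":")          # port is the last field
            if (part[n] != port) next
            host = substr(addr, 1, length(addr) - length(part[n]) - 1)
            if (host ~ /^127\./ || host == "::1" || host == "::ffff:127.0.0.1") next
            print addr
            exposed = 1
        }
        END { exit (exposed ? 1 : 0) }'
}

# Constructed sample: Apache still configured with "Listen 8080".
BEFORE='Proto Recv-Q Send-Q Local Address    Foreign Address  State
tcp        0      0 0.0.0.0:8080     0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:23       0.0.0.0:*        LISTEN'

# Constructed sample: after changing it to "Listen 127.0.0.1:8080".
AFTER='Proto Recv-Q Send-Q Local Address    Foreign Address  State
tcp        0      0 127.0.0.1:8080   0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:23       0.0.0.0:*        LISTEN'

for sample in "$BEFORE" "$AFTER"; do
    if found=$(printf '%s\n' "$sample" | exposed_listeners 8080); then
        echo "port 8080: loopback only"
    else
        echo "port 8080 reachable on: $found"
    fi
done

# On a live system: netstat -ltn | exposed_listeners 8080
```

Run the check again after any Apache restart or firewall change; a wildcard bind such as `0.0.0.0:8080` or `:::8080` means the port is exposed on every interface unless a packet filter blocks it.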