620 Part IV: Implementing Network Services in SUSE Linux

This may seem like quite a big security hole, but bear in mind that it will allow only a connection that has been established, not a new connection. For the stateful rules to kick in, you would have already had to allow a new connection through the chain. Depending on how paranoid you are about security, you may not want to allow all new connections from the firewall itself. However, if you want to use the firewall machine as a server, or want to be able to bounce from the machine to other hosts without the burden of setting up new rules for every protocol or TCP port you want to connect to, it is quite useful.

At this point, your firewall is locked down with the exception of allowing outgoing connections. Now, suppose you want to allow an incoming SSH connection to the firewall.

Adding a Rule

When you add a rule proper, you need to specify as much information as possible to have full control over the TCP/IP packets you are allowing into the trusted network. At a minimum, you need the chain, protocol, and destination port. With just this information, you do not have a very good rule, because it does not specify the interface you are allowing the SSH connection to.

Another option that can be set is the connection type:

- NEW: This is a new connection; no other traffic is associated with this packet.
- ESTABLISHED: This packet is from a machine you already have a connection to (remember, you both send and receive data when a connection exists).
- RELATED: This packet is related to an existing connection. The FTP protocol, for example, makes a connection to the FTP server, and the FTP server actually makes a separate connection to the client. This separate connection from the server to the client is a RELATED connection.
    iptables -A INPUT -p tcp --dport ssh -i eth0 -j ACCEPT

In this example, you have told netfilter that you want to append (-A) a rule to the INPUT chain, specifying the TCP protocol (-p tcp), with a destination port (--dport) of ssh (port 22), incoming (-i) on the eth0 interface, and finally that you want to ACCEPT the packet (-j ACCEPT). The -j parameter means jump to a target. Remember that netfilter rules are in a chain, so you are saying, "Stop processing this chain because you have a match and jump to the target." In this case, the target is ACCEPT.

Note: The --dport parameter can take either a numerical port number or a service name that is specified in /etc/services.