I have a lovely LTSP set-up which I'm trying to add a level of security to via IPTables on the LTSP server. For the life of me I can't seem to get past a TFTP time-out. Below is the script I'm using to load the rules. Anyone done this successfully?

# flush chains
$IPTABLES -F

# delete user defined chains
$IPTABLES -X

# set default policies (deny everything)
$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD DROP
$IPTABLES -P OUTPUT DROP

$IPTABLES -A INPUT -i eth0 -p udp --dport 67:68 --sport 67:68 -j ACCEPT
$IPTABLES -A INPUT -i eth0 -p tcp --dport 547 -j ACCEPT
$IPTABLES -A INPUT -i eth0 -p udp --dport 547 -j ACCEPT
$IPTABLES -A INPUT -i eth0 -p tcp --dport 69 -j ACCEPT
$IPTABLES -A INPUT -i eth0 -p udp --dport 69 -j ACCEPT
$IPTABLES -A INPUT -i eth0 -s $DHCP_CLIENTS -p tcp --dport 1758 -j ACCEPT
$IPTABLES -A INPUT -i eth0 -s $DHCP_CLIENTS -p udp --dport 1758 -j ACCEPT
$IPTABLES -A INPUT -i eth0 -s $DHCP_CLIENTS -p tcp --dport 177 -j ACCEPT
$IPTABLES -A INPUT -i eth0 -s $DHCP_CLIENTS -p udp --dport 177 -j ACCEPT
$IPTABLES -A INPUT -i eth0 -s $DHCP_CLIENTS -p tcp --dport 4000:4002 -j ACCEPT
$IPTABLES -A INPUT -i eth0 -s $DHCP_CLIENTS -p udp --dport 4000:4002 -j ACCEPT
$IPTABLES -A INPUT -i eth0 -s $DHCP_CLIENTS -p tcp --dport 2049 -j ACCEPT
$IPTABLES -A INPUT -i eth0 -s $DHCP_CLIENTS -p udp --dport 2049 -j ACCEPT
$IPTABLES -A INPUT -i eth0 -s $DHCP_CLIENTS -p tcp --dport 111 -j ACCEPT
$IPTABLES -A INPUT -i eth0 -s $DHCP_CLIENTS -p udp --dport 111 -j ACCEPT
$IPTABLES -A INPUT -i eth0 -s $MONITOR -p tcp --dport 22 -j ACCEPT
$IPTABLES -A INPUT -i eth0 -s $MONITOR -p udp --dport 22 -j ACCEPT
$IPTABLES -A OUTPUT -s $DHCP_CLIENTS -p tcp --dport 69 -j ACCEPT
$IPTABLES -A OUTPUT -s $DHCP_CLIENTS -p udp --dport 69 -j ACCEPT

Brian Payst
Director of Technology & Systems Support
Division of Student Affairs
The University of North Carolina at Chapel Hill
voice:(919)962-1469 fax:(919)962-5241
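
Added example, not part of the original post: a simplified first-match model of the posted UDP rules that traces one TFTP read and reports which packet the DROP policies discard. The addresses, ports and the helper switch (standing in for the kernel's conntrack TFTP helper) are assumptions made for illustration.

```python
# Added example: simplified first-match model of the posted UDP rules,
# tracing one TFTP read. Addresses and ports are constructed samples.
from ipaddress import ip_address, ip_network

SERVER, CLIENT = "192.168.0.254", "192.168.0.20"
CLIENTS = ip_network("192.168.0.0/24")      # stand-in for $DHCP_CLIENTS
ANY = frozenset({"NEW", "ESTABLISHED", "RELATED"})

def rule(chain, dport=None, src=None, sport=None, states=ANY):
    return (chain, src, sport, dport, states)

# UDP rules from the post, in order (the $MONITOR port-22 rule is omitted).
POSTED = [rule("INPUT", (67, 68), sport=(67, 68)),
          rule("INPUT", (547, 547)), rule("INPUT", (69, 69))]
POSTED += [rule("INPUT", p, src=CLIENTS) for p in
           [(1758, 1758), (177, 177), (4000, 4002), (2049, 2049), (111, 111)]]
POSTED += [rule("OUTPUT", (69, 69), src=CLIENTS)]

# Posted rules preceded by "-m state --state ESTABLISHED,RELATED -j ACCEPT"
# in both chains (an assumed hardening, not taken from the post).
STATEFUL = [rule("INPUT", states={"ESTABLISHED", "RELATED"}),
            rule("OUTPUT", states={"ESTABLISHED", "RELATED"})] + POSTED

def in_range(port, rng):
    return rng is None or rng[0] <= port <= rng[1]

def verdict(rules, chain, src, sport, dport, state):
    for r_chain, r_src, r_sport, r_dport, r_states in rules:
        if (r_chain == chain and state in r_states
                and (r_src is None or ip_address(src) in r_src)
                and in_range(sport, r_sport) and in_range(dport, r_dport)):
            return "ACCEPT"
    return "DROP"                            # -P INPUT DROP / -P OUTPUT DROP

def trace_tftp_read(rules, helper=False, client_port=3072, server_tid=32768):
    """Walk RRQ -> DATA -> ACK; stop at the first dropped packet."""
    # RFC 1350: the server answers from a fresh port (its TID), not from 69.
    # With the conntrack TFTP helper that first DATA packet is RELATED.
    packets = [
        ("RRQ",  "INPUT",  CLIENT, client_port, 69, "NEW"),
        ("DATA", "OUTPUT", SERVER, server_tid, client_port,
         "RELATED" if helper else "NEW"),
        ("ACK",  "INPUT",  CLIENT, client_port, server_tid, "ESTABLISHED"),
    ]
    seen = []
    for name, *pkt in packets:
        seen.append((name, verdict(rules, *pkt)))
        if seen[-1][1] == "DROP":
            break
    return seen
```

Calling `trace_tftp_read(POSTED)` shows the request accepted and the server's first DATA packet dropped in OUTPUT, which the client sees as a time-out; `trace_tftp_read(STATEFUL, helper=True)` passes all three packets without opening any extra ports.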
