On Sat, Jan 27, 2007 at 12:27:03AM +1100, Kevin Waterson wrote:
> This one time, at band camp, Sonia Hamilton <[EMAIL PROTECTED]> wrote:
>
> > This *is* the simple method. Once you've installed shorewall, you'll
> > only have to edit a few files in /etc/shorewall - probably these:
>
> I don't doubt that shorewall is a good product for this.

You're right, it's overkill.
Just use system-config-securitylevel-tui; it has an option
to customize. Just allow incoming ssh.

> But I would prefer to simply edit the native files.
> Is this possible?

You can have a look at /etc/sysconfig/iptables after you
do the above and see what it's done.
I suggest you add a source address restriction (-s).
You make your change effective by either

  # service iptables restart

or

  # iptables-restore < /etc/sysconfig/iptables

I keep this file (/etc/sysconfig/iptables)
under revision control; I suggest you do too.

Matt
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
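
An added example, not part of the original message: a check for the advice above, which reads a rules file in the /etc/sysconfig/iptables layout and reports any rule that accepts ssh without a source restriction (-s). The function names and the sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Added example. Flags tcp/22 ACCEPT rules in an iptables-save style file
# that carry no source restriction (-s / --source).
# Narrow on purpose: "-m multiport" and negated "! -s" are not interpreted.

# unrestricted_ssh_rules FILE
# Prints each offending rule; exit status 1 if any was found, else 0.
unrestricted_ssh_rules() {
    awk '
        /^-A / && /-j ACCEPT/ && /--dport (22|ssh)( |$)/ {
            if ($0 !~ /(^| )(-s|--source) /) { print; bad = 1 }
        }
        END { exit bad + 0 }
    ' "$1"
}

# write_sample FILE [SOURCE]
# Constructed ruleset in the layout of /etc/sysconfig/iptables; SOURCE, when
# given, is placed on the ssh rule as "-s SOURCE".
write_sample() {
    src=${2:+"-s $2 "}
    cat > "$1" <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT ${src}-m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Demo on two constructed files; 192.0.2.0/24 is a documentation range.
demo_dir=$(mktemp -d)
write_sample "$demo_dir/open"
write_sample "$demo_dir/restricted" 192.0.2.0/24
for f in open restricted; do
    if unrestricted_ssh_rules "$demo_dir/$f" >/dev/null; then
        echo "$f: ssh rule has a source restriction"
    else
        echo "$f: ssh accepted from any source"
    fi
done
rm -rf "$demo_dir"
```

Pointed at the real file (unrestricted_ssh_rules /etc/sysconfig/iptables), a non-zero exit status can block a commit when the file is kept under revision control.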