I would like to open up a few ports, but only when they come in on a particular adaptor/subnet. How do I go about this?
My iptables is/are auto-configured by system-config-securitylevel, so I have not edited the iptables file directly, but I have tried things like "iptables -A -i tun0 -s 10.8.0.0/24 -j ACCEPT" and "iptables -A RH-Firewall-1-INPUT -i tun0 -j ACCEPT" but nothing happens.
[root@myserver ~]# ifconfig
...
tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:965 errors:0 dropped:0 overruns:0 frame:0
          TX packets:987 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:90379 (88.2 KiB)  TX bytes:179210 (175.0 KiB)

[root@myserver ~]# iptables -A -i tun0 -s 10.8.0.0/24 -j ACCEPT
Bad argument `tun0'
However,

[root@myserver ~]# iptables -A RH-Firewall-1-INPUT -i tun0 -j ACCEPT

works in the sense that it does not give an error, but it also does not seem to do anything.
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
...
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
...
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
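The second command in the question is silently ineffective because `iptables -A` appends the new rule after the chain's final `REJECT`, where it can never be evaluated. As an added example (not from the question, nor part of system-config-securitylevel), here is a small first-match simulator of the RH-Firewall-1-INPUT chain above that shows the appended rule is never reached, while the same rule inserted with `-I` ahead of the `REJECT` admits only the tun0 / 10.8.0.0/24 traffic; port 8080, the packet addresses and the eth0 interface are constructed placeholders.

```python
from dataclasses import dataclass
import ipaddress

@dataclass
class Rule:
    # One rule of RH-Firewall-1-INPUT, limited to the match types the question's file uses.
    target: str
    iface: str = None                   # -i
    src: str = None                     # -s (CIDR)
    proto: str = None                   # -p
    dport: int = None                   # --dport
    states: frozenset = frozenset()     # -m state --state

    def matches(self, pkt):
        return ((not self.iface or pkt["iface"] == self.iface)
                and (not self.src or ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src))
                and (not self.proto or pkt["proto"] == self.proto)
                and (self.dport is None or pkt.get("dport") == self.dport)
                and (not self.states or pkt["state"] in self.states))

def rh_firewall_chain():
    # RH-Firewall-1-INPUT as written by system-config-securitylevel (abridged from the question)
    return [Rule("ACCEPT", iface="lo"),
            Rule("ACCEPT", proto="icmp"),
            Rule("ACCEPT", states=frozenset({"ESTABLISHED", "RELATED"})),
            Rule("ACCEPT", proto="tcp", dport=22, states=frozenset({"NEW"})),
            Rule("REJECT")]             # terminal rule: anything appended after it is never reached

def verdict(chain, pkt):
    # First match wins, exactly as the kernel walks a chain.
    for rule in chain:
        if rule.matches(pkt):
            return rule.target
    return "RETURN"                     # fell off the end: back to INPUT, whose policy is ACCEPT

def append_rule(chain, rule):           # iptables -A CHAIN ...      -> lands after REJECT
    return chain + [rule]
def insert_rule(chain, pos, rule):      # iptables -I CHAIN pos ...  -> 1-based position
    return chain[:pos - 1] + [rule] + chain[pos - 1:]

# Constructed sample traffic: a NEW TCP connection to port 8080 (placeholder port) arriving
# over the VPN, and the same attempt arriving on a LAN interface instead.
VPN_PKT = {"iface": "tun0", "src": "10.8.0.6", "proto": "tcp", "dport": 8080, "state": "NEW"}
LAN_PKT = dict(VPN_PKT, iface="eth0", src="192.0.2.10")
TUN_RULE = Rule("ACCEPT", iface="tun0", src="10.8.0.0/24", proto="tcp", dport=8080, states=frozenset({"NEW"}))
def appended_verdict():                 # what the question's -A command actually achieves
    return verdict(append_rule(rh_firewall_chain(), TUN_RULE), VPN_PKT)
def inserted_verdict(pkt):              # same rule placed just before REJECT (position 5 here)
    return verdict(insert_rule(rh_firewall_chain(), 5, TUN_RULE), pkt)
```

On the real host the insert position is read off `iptables -L RH-Firewall-1-INPUT --line-numbers` rather than assumed to be 5, and the first command fails because `-A` expects a chain name before the `-i` option.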