# Manual config, HJH, 3/8/08
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j REJECT --reject-with icmp6-adm-prohibited
# HJH: loopback, trusted
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
# ICMPv6 is not optional in IPv6: neighbour discovery, router advertisements and path-MTU discovery all ride on it
-A RH-Firewall-1-INPUT -p ipv6-icmp -j ACCEPT
# IPsec ESP and AH extension headers, let through
-A RH-Firewall-1-INPUT -m ipv6header --header esp -j ACCEPT
-A RH-Firewall-1-INPUT -m ipv6header --header ah -j ACCEPT
# HJH: multicast DNS, let through
-A RH-Firewall-1-INPUT -d ff02::fb/128 -p udp -m udp --dport 5353 -j ACCEPT
# HJH: IPP, let through
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
# HJH: once established (or related to established), let through
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# HJH: ssh, let through
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
# HJH: http, let through
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
# HJH: https, let through
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
# HJH: smtp (mail), let through
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
# HJH: kerberized rlogin, let through until rsync for flexbackup
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 543 -j ACCEPT
# HJH: kerberized rsh, let through until rsync for flexbackup
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 544 -j ACCEPT
# HJH: SVN, let through
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3690 -j ACCEPT
# HJH: research port range, let through
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 50000:50500 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp6-adm-prohibited
COMMIT
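The ruleset above is evaluated top to bottom, first match wins: INPUT jumps straight into RH-Firewall-1-INPUT, and the unconditional REJECT at the end of that chain makes the INPUT path default-deny even though the INPUT policy itself is ACCEPT; FORWARD is rejected outright, and OUTPUT falls through to its ACCEPT policy. What a reviewer wants to know is exactly which ports that chain accepts from any IPv6 source before the REJECT, and that nothing has been appended behind the REJECT where it can never match. The following is an added example, not part of this page and not ip6tables' own code: a small Python auditor that parses ip6tables-save text, follows the jump into the user chain, lists port-keyed ACCEPTs that carry no source, interface or destination restriction, reports whether the chain ends in a reject, and flags dead rules. The embedded RULESET is the page's ruleset copied verbatim; the function names (audit, evaluation_path, parse_ruleset) and the dead-rule check are my own design. The parser covers only the options this ruleset uses and raises on anything else rather than silently ignoring a selector; RETURN targets are not modelled, on the assumption (true here) that none are used.

```python
# Added example (not the page's or ip6tables' own code): audit an ip6tables-save
# ruleset for ports accepted from any source, a default-deny tail, and dead rules.
# RULESET is the page's ruleset copied verbatim; the parser covers only the options
# it uses and raises on anything else. RETURN is not modelled (assumed unused).
from dataclasses import dataclass, field

RULESET = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j REJECT --reject-with icmp6-adm-prohibited
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p ipv6-icmp -j ACCEPT
-A RH-Firewall-1-INPUT -m ipv6header --header esp -j ACCEPT
-A RH-Firewall-1-INPUT -m ipv6header --header ah -j ACCEPT
-A RH-Firewall-1-INPUT -d ff02::fb/128 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 543 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 544 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3690 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 50000:50500 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp6-adm-prohibited
COMMIT
"""

TERMINAL = {"ACCEPT", "DROP", "REJECT"}
OPTS = {"-p": "proto", "-i": "iface", "-s": "src", "-d": "dst",   # option -> selector name;
        "--state": "state", "--header": "header"}                 # each takes one argument

@dataclass
class Rule:
    chain: str
    raw: str
    target: str = None
    sel: dict = field(default_factory=dict)   # selectors; empty means "matches every packet"

def parse_rule(line):
    toks = line.split()
    rule = Rule(chain=toks[1], raw=line)
    for i in range(2, len(toks), 2):           # after "-A CHAIN" come option/argument pairs
        opt, arg = toks[i], toks[i + 1]
        if opt == "-j":
            rule.target = arg
        elif opt in OPTS:
            rule.sel[OPTS[opt]] = arg
        elif opt == "--dport":                 # "22" or "50000:50500"
            lo, _, hi = arg.partition(":")
            rule.sel["dport"] = (int(lo), int(hi or lo))
        elif opt not in ("-m", "--reject-with"):   # module load / reject type, not selectors
            raise ValueError(f"unhandled option {opt!r} in: {line}")
    return rule

def parse_ruleset(text):
    """Return ({chain: policy}, {chain: [rules in append order]})."""
    policies, chains = {}, {}
    for line in text.splitlines():
        if line.startswith(":"):               # ":NAME POLICY [pkts:bytes]"
            name, policy = line[1:].split()[:2]
            policies[name], chains[name] = policy, []
        elif line.startswith("-A "):
            rule = parse_rule(line)
            chains[rule.chain].append(rule)
    return policies, chains

def evaluation_path(chains, chain):
    """Rules a packet entering `chain` can reach, in order, plus the first rule
    that terminates unconditionally (None if the chain falls through to policy)."""
    path = []
    for rule in chains[chain]:
        if rule.target in chains:              # jump into a user-defined chain
            sub, term = evaluation_path(chains, rule.target)
            path.extend(sub)
            if term is not None:
                return path, term
        else:
            path.append(rule)
            if rule.target in TERMINAL and not rule.sel:
                return path, rule
    return path, None

def audit(text, chain="INPUT"):
    policies, chains = parse_ruleset(text)
    path, term = evaluation_path(chains, chain)
    # port-keyed ACCEPTs with no src/iface/dst restriction are open to any IPv6 host that can route here
    exposed = [(r.sel["proto"], *r.sel["dport"]) for r in path
               if r.target == "ACCEPT" and "dport" in r.sel
               and not {"src", "iface", "dst"} & r.sel.keys()]
    default_deny = ((term is not None and term.target in ("DROP", "REJECT"))
                    or policies[chain] in ("DROP", "REJECT"))
    own = chains[term.chain] if term else []    # rules behind the terminator never match
    dead = [r.raw for r in own[own.index(term) + 1:]] if term else []
    return {"exposed": exposed, "default_deny": default_deny, "dead_rules": dead}

if __name__ == "__main__":
    for name in ("INPUT", "FORWARD", "OUTPUT"):
        print(name, audit(RULESET, name))
```

Run stand-alone, it reports for INPUT ten entries open to any source (631/udp, then 631, 22, 80, 443, 25, 543, 544, 3690 and 50000:50500 over TCP), default_deny True and no dead rules; mDNS on 5353/udp is not listed because that rule is restricted to the ff02::fb destination, and the ICMPv6, ESP/AH and ESTABLISHED accepts are not port-keyed, so they are deliberately outside this report. FORWARD shows nothing exposed and default_deny True; OUTPUT shows default_deny False because it relies on its ACCEPT policy. Appending a rule after the final REJECT (for instance another port ACCEPT) makes it appear under dead_rules rather than under exposed, which is the ordering mistake this kind of audit exists to catch.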