Ahat
Laboratory for Adaptive Hypermedia and Assistive Technologies

Guests are welcome to view our materials. To subscribe, edit, view raw markup, etc., you'll need to register for an account. Accounts are free (and will always be free) - your involvement helps us directly and indirectly (by demonstrating that our work matters to our funders...) StartingPoints has more info.

# Manual config, HJH, 3/8/08
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
# HJH: loopback, trusted
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
# HJH: p 51 is intel logical maint of phys address space - Never needs remote access! 
# HJH: multicast DNS, let through
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
# HJH: IPP, let through
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
# HJH: once established (or related to established), let through
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# HJH: ssh, let through
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
# HJH: http, let through
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
# HJH: https, let through
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
# HJH: smtp (mail), let through
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
# HJH: kerberized rlogin, let through until rsync for flexbackup
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 543 -j ACCEPT
# HJH: kerberized rsh, let through until rsync for flexbackup
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 544 -j ACCEPT
# HJH: SVN, let through
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3690 -j ACCEPT
# HJH: research port range, let through
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 50000:50500 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

r5 - 20 May 2008 - 23:14:47 - HilaryHolz
This site is powered by the TWiki collaboration platform. Copyright 1999-2010 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.