?
Solved

inputting IPTABLES rule help

Posted on 2004-08-16
4
Medium Priority
?
247 Views
Last Modified: 2010-04-20
Hi

I've basically firewalled off everything except for SSH and Mail on a redhat server just using the security gui in gnome.

However I need to allow localhost to accept on 10025.

What would be the iptables command to insert this into the iptables rules?

Thanks

0
Comment
Question by:hnad
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 40

Accepted Solution

by:
jlevie earned 750 total points
ID: 11817450
With respect to the localhost IP (127.0.0.1) it is completely safe to allow everything to/from that IP. The kernel will ensure that the localhost IP can't be abused from outside of the local machine. Any firewall I set up includes:

#
# The loopback interface is inheritly trustworthy. Don't disable it or
# a number of things on the firewall will break.
#
/sbin/iptables -A INPUT -i lo -j ACCEPT
0
 
LVL 1

Author Comment

by:hnad
ID: 11817580
Sorry never had to fiddle with iptables before. Basically my issue is I need to let a virus scanner bind to port 10025 and then firewall 10025 from all hosts except for localhost. Only Postfix will need to contact the virus scanner directly. Postfix and the virus scanner are on the same box.

Thanks.

0
 
LVL 40

Expert Comment

by:jlevie
ID: 11822701
The rule above will do that, and as I pointed out the kernel will ensure that the localhost IP can only be accessed from the local machine. This is true of all systems that have a TCP/IP stack since all of those have a localhost at 127.0.0.1. And as the comment for that rule says, not having the localhost IP open for connections will break other things.
0
 
LVL 1

Author Comment

by:hnad
ID: 11826145
ok thanks

Seems to be working ok.

:)
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Network Interface Card (NIC) bonding, also known as link aggregation, NIC teaming and trunking, is an important concept to understand and implement in any environment where high availability is of concern. Using this feature, a server administrator …
If you have a server on collocation with the super-fast CPU, that doesn't mean that you get it running at full power. Here is a preamble. When doing inventory of Linux servers, that I'm administering, I've found that some of them are running on l…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Suggested Courses
Course of the Month14 days, 14 hours left to enroll

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question