Solved

inputting IPTABLES rule help

Posted on 2004-08-16
4
245 Views
Last Modified: 2010-04-20
Hi

I've basically firewalled off everything except for SSH and Mail on a redhat server just using the security gui in gnome.

However I need to allow localhost to accept on 10025.

What would be the iptables command to insert this into the iptables rules?

Thanks

0
Comment
Question by:hnad
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 40

Accepted Solution

by:
jlevie earned 250 total points
ID: 11817450
With respect to the localhost IP (127.0.0.1) it is completely safe to allow everything to/from that IP. The kernel will ensure that the localhost IP can't be abused from outside of the local machine. Any firewall I set up includes:

#
# The loopback interface is inheritly trustworthy. Don't disable it or
# a number of things on the firewall will break.
#
/sbin/iptables -A INPUT -i lo -j ACCEPT
0
 
LVL 1

Author Comment

by:hnad
ID: 11817580
Sorry never had to fiddle with iptables before. Basically my issue is I need to let a virus scanner bind to port 10025 and then firewall 10025 from all hosts except for localhost. Only Postfix will need to contact the virus scanner directly. Postfix and the virus scanner are on the same box.

Thanks.

0
 
LVL 40

Expert Comment

by:jlevie
ID: 11822701
The rule above will do that, and as I pointed out the kernel will ensure that the localhost IP can only be accessed from the local machine. This is true of all systems that have a TCP/IP stack since all of those have a localhost at 127.0.0.1. And as the comment for that rule says, not having the localhost IP open for connections will break other things.
0
 
LVL 1

Author Comment

by:hnad
ID: 11826145
ok thanks

Seems to be working ok.

:)
0

Featured Post

The Orion Papers

Are you interested in becoming an AWS Certified Solutions Architect?

Discover a new interactive way of training for the exam.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I. Introduction There's an interesting discussion going on now in an Experts Exchange Group — Attachments with no extension (http://www.experts-exchange.com/discussions/210281/Attachments-with-no-extension.html). This reminded me of questions tha…
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question