Is anyone familiar with the firewall-config tool that comes installed with 7.2? I have a system that I need to put on the internet so obviously I need to lock it down. I only want the following incoming ports open: 22, 80, and 443. When on the machine, either on the console or through an x-session, I want it to have no restrictions going out. I've shut all the services down that I could, but I'd still like to lock it down as an extra safety measure.
It's not a firewall and has only one NIC. I'm trying to use the firewall-config tool to configure it, but it doesn't look right to me when I do ipchains -L. I'd be happy to send screen shots of the firewall-config settings directly to anyone if that will help. I'm also not sure what options I should use on the Options tab. Here's the ipchains -L output:

[root]# ipchains -L
Chain input (policy ACCEPT):
target     prot opt     source                destination           ports
icmp       icmp ------  anywhere              anywhere              any ->   any
ACCEPT     tcp  ------  anywhere              anywhere              any ->   any
ACCEPT     udp  ------  anywhere              anywhere              any ->   any
ACCEPT     tcp  ------  anywhere              anywhere              ssh ->   ssh
ACCEPT     udp  ------  anywhere              anywhere              ssh ->   ssh
ACCEPT     tcp  ------  anywhere              anywhere              http ->   http
ACCEPT     udp  ------  anywhere              anywhere              http ->   http
ACCEPT     tcp  ------  anywhere              anywhere              https ->   https
ACCEPT     udp  ------  anywhere              anywhere              https ->   https
REJECT     tcp  ------  anywhere              anywhere              any ->   any
REJECT     udp  ------  anywhere              anywhere              any ->   any
Chain forward (policy DENY):
Chain output (policy ACCEPT):
Chain icmp (1 references):
target     prot opt     source                destination           ports
ACCEPT     icmp ------  anywhere              anywhere              destination-unreachable
ACCEPT     icmp ------  anywhere              anywhere              source-quench
ACCEPT     icmp ------  anywhere              anywhere              time-exceeded
ACCEPT     icmp ------  anywhere              anywhere              parameter-problem
ACCEPT     icmp ------  anywhere              anywhere              echo-request
ACCEPT     icmp ------  anywhere              anywhere              echo-reply
DENY       all  ------  anywhere              anywhere              n/a
[root]#

My first rule is that I allow 192.168.1.8 (the current IP address of the machine itself) to go anywhere. Eventually this will get changed to a real internet address. Instead of listing the IP address I entered, ipchains -L has "any" for the source. It looks wide open to me based on the second and third rule listed. Any help on this is greatly appreciated.

James
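
An added example, not part of the post above: a first-match audit of the input chain as listed, since ipchains walks a chain top to bottom and stops at the first terminal rule that matches. It assumes the columns printed by plain ipchains -L are the whole rule (the interface is only shown with -v); the names parse and audit are this example's own.

```python
import re
# Input chain as posted above (plain `ipchains -L`, which omits the interface).
LISTING = """\
Chain input (policy ACCEPT):
target prot opt    source   destination ports
icmp   icmp ------ anywhere anywhere    any -> any
ACCEPT tcp  ------ anywhere anywhere    any -> any
ACCEPT udp  ------ anywhere anywhere    any -> any
ACCEPT tcp  ------ anywhere anywhere    ssh -> ssh
ACCEPT udp  ------ anywhere anywhere    ssh -> ssh
ACCEPT tcp  ------ anywhere anywhere    http -> http
ACCEPT udp  ------ anywhere anywhere    http -> http
ACCEPT tcp  ------ anywhere anywhere    https -> https
ACCEPT udp  ------ anywhere anywhere    https -> https
REJECT tcp  ------ anywhere anywhere    any -> any
REJECT udp  ------ anywhere anywhere    any -> any
"""
FIELDS = ("target", "prot", "opt", "src", "dst", "ports")
TERMINAL = {"ACCEPT", "DENY", "REJECT"}  # a jump to a user chain may return
CATCH_ALL = ("------", "anywhere", "anywhere", "any -> any")  # opt..ports

def parse(listing):
    """Return (policy, rules) for the single chain in the listing."""
    policy, rules = None, []
    for line in listing.splitlines():
        m = re.match(r"Chain \S+ \(policy (\w+)\)", line)
        cols = line.strip().split(None, 5)
        if m:
            policy = m.group(1)
        elif len(cols) == 6 and cols[0] != "target":
            rules.append(dict(zip(FIELDS, cols)))
    return policy, rules

def audit(rules):
    """First match wins: return [(rule_no, rule, no_of_rule_that_shadows_it)]."""
    decided, report = {}, []  # decided: protocol -> first terminal catch-all
    for n, r in enumerate(rules, 1):
        by = decided.get("all", decided.get(r["prot"]))
        report.append((n, r, by))
        unrestricted = tuple(r[k] for k in FIELDS[2:]) == CATCH_ALL
        if by is None and r["target"] in TERMINAL and unrestricted:
            decided[r["prot"]] = n
    return report

if __name__ == "__main__":
    policy, rules = parse(LISTING)
    for n, r, by in audit(rules):
        note = f"never reached (rule {by} matches first)" if by else "reachable"
        print(f"{n:2} {r['target']:6} {r['prot']:4} {r['ports']:14} {note}")
```

Run against the listing, rules 4 through 11 are reported as never reached, including both REJECT rules. The port rules also show the same service as source and destination port (ssh -> ssh), which the audit does not evaluate.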