
Christopher Negus

"Linux Bible, 2008 Edition: Boot up to Ubuntu, Fedora, KNOPPIX, Debian, openSUSE, and 11 Other Distributions"


You want to ensure that the services on the ports to which you are allowing access are
properly configured before you allow packets to be accepted. In other words, don't open
port 80 until you have a Web server configured or port 53 before you have a DNS server configured.
The last three lines define the ports where connection packets are accepted from the Internet
for UDP services. This example assumes that DNS service (--destination-port 53)
is configured on the computer. It also illustrates lines that accept requests for two other
optional ports: Port 2074 is needed by some multimedia applications the users on your
LAN might want to use, and port 4000 is used by the ICQ protocol (for online chats).
Running a Linux Firewall/Router 18
At this point you can run iptables -L again to see your new set of rules. If you have a connection
to the computer from your LAN, as I illustrated with some options previously, you can try to
ping the computer from the LAN. You can also try configuring different services and accessing
them from your network interfaces.
With this part of the procedure completed, your new firewall rules are built into the Linux kernel
but do not exist anywhere in a configuration file. Unless you save those rules, they will be gone the
next time you reboot your computer.
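
The earlier advice, not to accept packets on a port until the service behind it is configured, can be checked mechanically. The script below is an added example, not from the book: it compares ACCEPT rules in the form printed by `iptables -S INPUT` with listening sockets in the form printed by `ss -H -lntu`. The sample rules and sockets are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample: INPUT rules as printed by `iptables -S INPUT`.
SAMPLE_RULES='-P INPUT DROP
-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 2074 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 4000 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT'

# Constructed sample: listening sockets as printed by `ss -H -lntu`.
SAMPLE_LISTEN='udp UNCONN 0 0 0.0.0.0:53 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

# Read rules on stdin; print proto/port for every INPUT rule that ACCEPTs.
# Both --dport and the long --destination-port spelling are recognised.
accepted_ports() {
    awk '$1 == "-A" && $2 == "INPUT" {
        proto = ""; port = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            if ($i == "--dport" || $i == "--destination-port") port = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        if (target == "ACCEPT" && proto != "" && port != "") print proto "/" port
    }' | LC_ALL=C sort -u
}

# Read socket lines on stdin; print proto/port for every listener.
# The port is whatever follows the last ":" of the local address (IPv4 or IPv6).
listening_ports() {
    awk '{ n = split($5, a, ":"); print $1 "/" a[n] }' | LC_ALL=C sort -u
}

# $1 = rules text, $2 = socket text.
# Print accepted proto/port pairs that have no local listener behind them.
unbacked_ports() {
    listeners=$(printf '%s\n' "$2" | listening_ports)
    printf '%s\n' "$1" | accepted_ports | while read -r p; do
        printf '%s\n' "$listeners" | grep -qxF "$p" || echo "$p"
    done
}

# Run against the constructed samples; each printed pair is a port to review.
unbacked_ports "$SAMPLE_RULES" "$SAMPLE_LISTEN"
```

On a live firewall, run it as root with `unbacked_ports "$(iptables -S INPUT)" "$(ss -H -lntu)"`. A listed port is one the firewall accepts but no local service answers, so it is a prompt to configure the service or remove the rule.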

