1. What service do you want to open up?
2. Is it a tcp or udp service?
3. What port number(s) does it use?
You may also wish to restrict access to certain machines, e.g. if only people in the X dept should be able to reach the box.
For example, to enable ssh access to your box from anywhere on campus, you could use something like:
iptables -A allowed -p tcp --dport 22 -s 129.2.0.0/16 -j ACCEPT
iptables -A allowed -p udp --dport 22 -s 129.2.0.0/16 -j ACCEPT
iptables -A allowed -p tcp --dport 22 -s 128.8.0.0/16 -j ACCEPT
iptables -A allowed -p udp --dport 22 -s 128.8.0.0/16 -j ACCEPT
This allows both udp and tcp traffic from either of the two class B networks to reach port 22 on your machine. Of course, you also need an sshd daemon running for this to work; the rules above merely punch the required holes in the firewall.
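As an added example (not part of the original post), here is a small Python checker that parses rules in the form shown above and answers the three questions the post raises in reverse: which proto/port pairs are open, to which source networks, and whether any rule accepts traffic from everywhere. The sample input is constructed: the four ssh rules from the text plus a hypothetical port-80 rule with no -s restriction, included only to show how an unrestricted rule is reported.

```python
import ipaddress
import shlex
from collections import defaultdict

# Constructed sample: the four rules from the text plus one hypothetical
# port-80 rule with no "-s", to show how an unrestricted rule is flagged.
SAMPLE_RULES = """
iptables -A allowed -p tcp --dport 22 -s 129.2.0.0/16 -j ACCEPT
iptables -A allowed -p udp --dport 22 -s 129.2.0.0/16 -j ACCEPT
iptables -A allowed -p tcp --dport 22 -s 128.8.0.0/16 -j ACCEPT
iptables -A allowed -p udp --dport 22 -s 128.8.0.0/16 -j ACCEPT
iptables -A allowed -p tcp --dport 80 -j ACCEPT
"""

def parse_rules(text):
    """Parse 'iptables -A <chain> ...' lines into dicts; a missing -s means any source."""
    rules = []
    for line in text.strip().splitlines():
        argv = shlex.split(line)
        if len(argv) < 3 or argv[0] != "iptables" or argv[1] != "-A":
            continue
        # Every option used here takes exactly one value: -A, -p, --dport, -s, -j
        opts = {argv[i]: argv[i + 1] for i in range(1, len(argv) - 1) if argv[i].startswith("-")}
        rules.append({
            "chain": opts["-A"],
            "proto": opts.get("-p", "all"),
            "dport": int(opts["--dport"]) if "--dport" in opts else None,
            "source": ipaddress.ip_network(opts.get("-s", "0.0.0.0/0"), strict=False),
            "target": opts.get("-j", ""),
        })
    return rules

def exposure_report(rules):
    """Map (proto, dport) -> sorted list of source networks that are ACCEPTed."""
    report = defaultdict(set)
    for r in rules:
        if r["target"] == "ACCEPT":
            report[(r["proto"], r["dport"])].add(str(r["source"]))
    return {k: sorted(v) for k, v in report.items()}

def unrestricted_rules(rules):
    """ACCEPT rules that match every source address (no -s, or 0.0.0.0/0)."""
    return [r for r in rules if r["target"] == "ACCEPT" and r["source"].prefixlen == 0]

def is_allowed(rules, client_ip, proto, dport):
    """First-match walk of the chain: would client_ip reach proto/dport?
    Falls through to False, i.e. assumes the chain's default is to drop."""
    ip = ipaddress.ip_address(client_ip)
    for r in rules:
        if r["proto"] in (proto, "all") and r["dport"] in (dport, None) and ip in r["source"]:
            return r["target"] == "ACCEPT"
    return False
```

Feeding it your real rule file lets you confirm that a port is reachable only from the networks you intended before the rules go live.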