Forum OpenACS Q&A: Re: basic firewall features on RH 8.0

Posted by Mike Sisk on
RH 8.0 uses iptables and a GUI frontend to create a firewall called lokkit.

The config file for the firewall is in /etc/sysconfig/iptables and the program that creates the file is in /usr/sbin/lokkit

Use the service scripts to start, stop or reload the firewall: "service iptables start".

Basically, make a firewall with a "high" security level in lokkit and only open the ports you need: http, ssh, maybe smtp or ftp if you're using those. The networking scripts should automatically punch a hole in the firewall for named (DNS) services without you having to do anything.

The man pages, lokkit docs in /usr/share/doc, or the Red Hat site have more info on iptables firewalls.

Posted by James Bennin on
I have read this thread and I am having the contrary firewall problem. I am using Red Hat Linux 8.0 with OpenACS 4.6.3. My firewall is set too high, and people on the network my machine (the one with AOLserver) is on cannot access my server/page at http://.....:8000. How do I reconfigure the firewall setting so I allow communication through ports 8000 and 8443 (for secure logging)? This is what my /etc/sysconfig/iptables file contains:
# Firewall configuration written by lokkit
# Manual customization of this file is not recommended.
# Note: ifup-post will punch the current nameservers through the
#       firewall; such entries will *not* be listed here.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 25 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 23 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 140.188.64.153 --sport 53 -d 0/0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT
COMMIT

So how do I modify this to allow communication on ports 8000 and 8443? If there is any other information you need, please let me know. Thank you.
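The following script is an added example and is not part of the thread or of lokkit; it shows the one thing the posted file makes easy to get wrong. iptables evaluates a chain top to bottom, so the ACCEPT rules for the new ports must be inserted above the chain's catch-all `--syn -j REJECT` line (appending them after it, or after COMMIT, leaves them unreachable). The script assumes the chain name RH-Lokkit-0-50-INPUT from the posted file and uses ports 8000 and 8443 from the question; the embedded sample is a constructed copy of that file. Run without arguments it rewrites the sample to stdout; with port arguments it rewrites the real file (path from IPTABLES_CONF) to stdout for review.

```shell
#!/bin/sh
# Added example, not from the thread: insert ACCEPT rules for extra TCP ports into a
# lokkit-generated /etc/sysconfig/iptables, ahead of the chain's catch-all REJECT.

CHAIN="RH-Lokkit-0-50-INPUT"                        # chain name taken from the posted file
IPTABLES_CONF="${IPTABLES_CONF:-/etc/sysconfig/iptables}"

# Constructed sample: a copy of the file posted in the thread.
SAMPLE_CONF='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 25 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 23 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 140.188.64.153 --sport 53 -d 0/0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT
COMMIT'

# open_tcp_ports PORT...: read a config on stdin and write it back with one
# "--dport PORT --syn -j ACCEPT" rule per port, placed just above the first TCP
# REJECT in the chain. Ports that already have an ACCEPT rule are skipped, so the
# function can be re-run without duplicating rules.
open_tcp_ports() {
  awk -v chain="$CHAIN" -v ports="$*" '
    BEGIN { n = split(ports, p, " ") }
    # remember ports the chain already accepts
    $0 ~ ("^-A " chain " .*--dport ") && /-j ACCEPT/ {
      for (i = 1; i <= NF; i++) if ($i == "--dport") seen[$(i+1)] = 1
    }
    # emit the new rules immediately above the catch-all TCP REJECT
    !done && $0 ~ ("^-A " chain " -p tcp .*-j REJECT") {
      for (i = 1; i <= n; i++) if (!(p[i] in seen))
        printf "-A %s -p tcp -m tcp --dport %s --syn -j ACCEPT\n", chain, p[i]
      done = 1
    }
    { print }
    END { if (!done) { print "no catch-all TCP REJECT found in " chain > "/dev/stderr"; exit 2 } }
  '
}

# check_rule_order: read a config on stdin; exit 0 if every ACCEPT in the chain
# comes before the chain'"'"'s catch-all REJECTs, otherwise list the unreachable
# ACCEPT rules on stderr and exit 1.
check_rule_order() {
  awk -v chain="$CHAIN" '
    $0 ~ ("^-A " chain " ") && /-j REJECT/ && $0 !~ /--dport/ { rejecting = 1; next }
    rejecting && $0 ~ ("^-A " chain " ") && /-j ACCEPT/ {
      print "unreachable ACCEPT (after catch-all REJECT): " $0 > "/dev/stderr"; bad = 1
    }
    END { exit bad ? 1 : 0 }
  '
}

if [ "$#" -eq 0 ]; then
  # Demo on the constructed sample with the ports from the question.
  printf '%s\n' "$SAMPLE_CONF" | open_tcp_ports 8000 8443
else
  # Real use: sh open_ports.sh 8000 8443 > /tmp/iptables.new, then inspect the
  # result with check_rule_order, copy it over /etc/sysconfig/iptables and
  # restart the firewall with the service script.
  open_tcp_ports "$@" < "$IPTABLES_CONF"
fi
```

The rewritten file keeps lokkit's structure (the nameserver hole, the loopback rule and both catch-all REJECTs) and only adds the two SYN-matching ACCEPT rules, so the "high" security posture from the first post is preserved while the two AOLserver ports become reachable.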