IPTABLES

#1  Charly, 11-14-2005

Hi, I am a newbie but I need to know something I think is quite complex.
I need to set up the firewall IPTABLES on CentOS (Red Hat).
I wanted to know:
1) Can I set it up from the conf file? I see on the newsgroup that normally
people use the command bar by typing the commands, but I would prefer to do
it in the configuration file.

2) I have 2 ethernet: on eth1 I have the wan, on eth0 the lan. I wanted to
allow access FROM the LAN only to a computer with MAC ADDRESS xxxxxx. Could
you kindly write me the command I have to put in the conf file? Or better,
if you could post a small example... would be great !!!

Thanks :-)


#2  matt_left_coast, 11-14-2005

Charly wrote:

> Hi, I am a newbie but I need to know something I think is quite complex.
> I need to set up the firewall IPTABLES on CentOS (Red Hat).
> I wanted to know:
> 1) Can I set it up from the conf file? I see on the newsgroup that
> normally people use the command bar by typing the commands, but I would
> prefer to do it in the configuration file.
>


They are giving the rules; the rules can be run from a command line or put into
a file that is run on boot or when reloaded.

> 2) I have 2 ethernet: on eth1 I have the wan, on eth0 the lan. I wanted to
> allow access FROM the LAN only to a computer with MAC ADDRESS xxxxxx.


You know, of course, that this will work only if the computer is on the same
logical network (no other routers), right? Just checking.

> Could you kindly write me the command I have to put in the conf file? Or
> better, if you could post a small example... would be great !!!
>
> Thanks :-)


Most people that help do not consider themselves a command-writing service.
Since there is much more to iptables (as with all firewalls) than a single
machine connecting, meaning more rules than what you are asking, I would
suggest you look at some of the GUI front ends to iptables. I use:

http://www.fwbuilder.org/

But that might be a bit more complex than you would want to deal with. I
hear many people do well with guarddog...

http://www.simonzone.com/software/guarddog/

Both of these generate files that will run the command sequences needed to
set up your firewall.

#3  atomopawn, 11-15-2005

> 2) I have 2 ethernet: on eth1 I have the wan, on eth0 the lan. I wanted to
> allow access FROM the LAN only to a computer with MAC ADDRESS xxxxxx.


To do filtering by MAC address (instead of IP address), you probably
want to look into "ebtables" rather than "iptables".

iptables does have a "mac" match, but it's only used for source address
matching, I believe, not destination address.

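An added example, not written by any poster in this thread: a shell function that emits a ruleset in iptables-restore format using the source-only "mac" match mentioned above, so the rules live in a file loaded at boot rather than being typed by hand. Assumptions: eth0 is the LAN and eth1 the WAN as in the question, "access" means traffic to the firewall itself and traffic forwarded to the WAN, the MAC shown is a constructed placeholder, and on CentOS the output would be saved as /etc/sysconfig/iptables.

```shell
#!/bin/sh
# Added example: generate an iptables-restore ruleset that admits one LAN MAC.
# Interface roles follow the question (eth0 = LAN, eth1 = WAN); the rest is assumed.

# Return 0 only if $1 is six colon-separated hex pairs and nothing else.
valid_mac() {
    # Reject any character outside hex digits and ':' (spaces, newlines, options).
    case $1 in *[!0-9A-Fa-f:]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Print the ruleset for MAC $1; LAN and WAN interface names are optional.
gen_rules() {
    mac=$1
    lan=${2:-eth0}
    wan=${3:-eth1}
    valid_mac "$mac" || { echo "invalid MAC: $mac" >&2; return 1; }
    # Default-drop INPUT and FORWARD; the mac match is valid in these chains
    # because it inspects the source address of frames arriving on an interface.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -m mac --mac-source $mac -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -m mac --mac-source $mac -j ACCEPT
COMMIT
EOF
}

# Constructed sample MAC; prints the ruleset to stdout for review.
gen_rules "${1:-00:11:22:33:44:55}"
```

Review the output before loading it with iptables-restore. The source MAC is set by the sending host, so this rule selects a machine on the local segment rather than authenticating it.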
#4  DM, 11-16-2005

Charly wrote:
> Hi, I am a newbie but I need to know something I think is quite complex.
> I need to set up the firewall IPTABLES on CentOS (Red Hat).
> I wanted to know:
> 1) Can I set it up from the conf file? I see on the newsgroup that normally
> people use the command bar by typing the commands, but I would prefer to do
> it in the configuration file.
>
> 2) I have 2 ethernet: on eth1 I have the wan, on eth0 the lan. I wanted to
> allow access FROM the LAN only to a computer with MAC ADDRESS xxxxxx. Could
> you kindly write me the command I have to put in the conf file? Or better,
> if you could post a small example... would be great !!!
>
> Thanks :-)
>
>

Google "iptables how-to". Good place to start.