Re: trouble with firewall settings GUI



laredotornado@xxxxxxxxxxx wrote:
Allen Kistler wrote:
laredotornado@xxxxxxxxxxx wrote:
Hi,

I have Fedora Core 5 installed on an x86 desktop machine. I want to
open port 8080 in my firewall. So I logged in as a normal user, went
to the start menu, selected "System", "Administration", and "Security
Level and Firewall", entering in the root password along the way. When
the popup box appeared, I opened up the "Other Ports" section and added
8080. Then I clicked "OK" but the popup didn't close. I clicked OK
several times. Then I clicked the "X" to close. When I went back the
setting had not been saved.

What must I do to open port 8080?

vi /etc/sysconfig/iptables
/etc/init.d/iptables restart

Thanks. I'm hesitant because the second line of the file says "Manual
customization is not recommended." What line would I add to open 8080?
This is my file as it stands now:

I'll limit myself to the simplest changes.

# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT

Move the ESTABLISHED,RELATED line to here.
Add a line to drop INVALID.

-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT

Some ICMP is good, but not all. Think about this one.

-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT

Do you really want anyone to administer and to print to cups from the
Internet?
You can add the line here for tcp port 8080.

-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

Make sure to lock ssh down. No root logins. Public key authentication
only.

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 23 -j ACCEPT

Leaves you open to password guessing attacks.

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT

Leaves you open to password guessing attacks, unless it's anonymous ftp
only.

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
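
The changes suggested in the reply above (ESTABLISHED,RELATED moved up, an INVALID drop, a tcp/8080 rule), as an added example that is not part of the original thread: one shell function applies the edits to an iptables-save style file and one reports the points the reply flags. The function names, the finding labels and the exact 8080 and INVALID rule lines are assumptions modelled on the file's existing port 22 rule; the sample input is a constructed, shortened copy of the posted file.

```shell
# Constructed input: a shortened copy of the rules file quoted in the thread.
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 23 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# apply_review: stdin -> stdout. Assumes the file has the "-i lo" rule, as the
# posted one does. The 8080 and INVALID lines are assumed, not from the thread.
apply_review() {
awk -v c="-A RH-Firewall-1-INPUT" '
/--state ESTABLISHED,RELATED/ { next }   # re-emitted right after loopback
/-j REJECT/ { print c " -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT" }
{ print }
/-i lo -j ACCEPT/ {
    print c " -m state --state ESTABLISHED,RELATED -j ACCEPT"
    print c " -m state --state INVALID -j DROP"
}'
}

# audit_rules: stdin -> one finding label per line for the reply's points.
audit_rules() {
awk '
/^-A/ && /--dport/ && /-j ACCEPT/ {
    if (!svc) svc = NR                    # first rule that opens a port
    for (i = 1; i < NF; i++) if ($i == "--dport") port = $(i + 1)
    if (port == "8080") open8080 = 1
    if (port == "21" || port == "23") print "password-service-open:" port
}
/^-A/ && /--state ESTABLISHED,RELATED/ && !est { est = NR }
/^-A/ && /--state INVALID/ && /-j DROP/ { inv = 1 }
/^-A/ && /--icmp-type any/ && /-j ACCEPT/ { print "icmp-any-accepted" }
END {
    if (!est || (svc && est > svc)) print "established-rule-late"
    if (!inv) print "no-invalid-drop"
    if (!open8080) print "port-8080-closed"
}'
}
sample_rules | apply_review | audit_rules   # what is left for the admin to decide
```

The 8080 rule is placed just ahead of the final REJECT; the reply suggests the spot after the port 631 rules, and either works because the chain stops at the first match. The ICMP and telnet findings remain after `apply_review` because the reply leaves those as decisions for the administrator.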