Iptable and Access

PostPosted: Mon Aug 29, 2011 10:40 pm
by gmcust3
What addition or change needs to be done on IPTable if I want to give server access to LAN and 89.XXX.XXX.XXX IP only?

PostPosted: Mon Aug 29, 2011 11:08 pm
by williamconley
in yast firewall allowed services, delete them all. this includes the "advanced" section of allowed services (bottom right corner): remove all open port entries (will all be blank when you are done).

if you are NOT in the building, leave ssh in the allowed services until you confirm that you have not locked yourself out of the other ports, but you HAVE locked everyone else out. LOL

next go to "custom" in yast firewall and add 89.0.0.0/8 with both tcp and udp (two entries)

not a bad idea to add yourself as well (but with /32 for a single ip address). for 89.115.xxx.xxx it would be 89.115.0.0/16 and for 89.115.222.xxx it would be 89.115.222.0/24. but always remember you'll need BOTH TCP and UDP for web and phone registration to work.

this is not total lockdown, however, you also need to remove "ping" from the yast config file (otherwise your server will respond to ping, which is a serious security risk, it's a flag saying "hey! attack me! I'm here!" LOL)

nano +730 /etc/sysconfig/SuSEfirewall2
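The reply above does the lockdown through the YaST front-end of SuSEfirewall2. For readers who want to see what the resulting policy looks like as plain iptables rules, here is an added example that is not part of the thread and not williamconley's or the distribution's code: a POSIX shell script that generates an iptables-restore ruleset with a default-drop INPUT chain, admits the LAN plus one remote address (TCP and UDP, as the reply stresses), ignores ICMP echo requests, and optionally keeps SSH reachable until you have confirmed you are not locked out. The LAN subnet and the 89.x.x.x address are constructed placeholders (the thread only gives 89.XXX.XXX.XXX), and the CIDR check is my addition so a typo cannot widen a rule to the whole internet.

```shell
#!/bin/sh
# Added example, not from the thread: emit an iptables-restore ruleset that
# admits only the LAN and one remote host and drops everything else.

LAN_NET="192.168.1.0/24"   # assumption: the site LAN (constructed value)
REMOTE_IP="89.0.0.1/32"    # placeholder for the real 89.XXX.XXX.XXX host
KEEP_SSH_OPEN="yes"        # keep SSH reachable until remote access is confirmed

# Accept only a.b.c.d/n with a prefix length of 0-32; anything else is refused
# so a malformed entry never silently becomes a wide-open rule.
valid_cidr() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# build_ruleset LAN_CIDR REMOTE_CIDR KEEP_SSH(yes|no)
# Prints an iptables-restore file on stdout; returns 1 on bad input.
build_ruleset() {
    lan="$1"; remote="$2"; keep_ssh="$3"
    valid_cidr "$lan"    || { echo "bad LAN cidr: $lan" >&2; return 1; }
    valid_cidr "$remote" || { echo "bad remote cidr: $remote" >&2; return 1; }
cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p icmp --icmp-type echo-request -j DROP
-A INPUT -s $lan -j ACCEPT
-A INPUT -s $remote -p tcp -j ACCEPT
-A INPUT -s $remote -p udp -j ACCEPT
EOF
    # Safety net while testing: SSH from anywhere, removed once access is verified.
    if [ "$keep_ssh" = "yes" ]; then
        echo "-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT"
    fi
    echo "COMMIT"
}

# Stand-alone run: print the ruleset for review.
build_ruleset "$LAN_NET" "$REMOTE_IP" "$KEEP_SSH_OPEN"
```

Redirect the output to a file and parse it with `iptables-restore --test` before loading it; once you have confirmed you can still reach the box from the remote address, regenerate with `KEEP_SSH_OPEN="no"` so SSH is only reachable from the two permitted sources like every other service.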

PostPosted: Mon Aug 29, 2011 11:14 pm
by gmcust3
Wow.. Though it doesn't look very easy if I try the same on a production server!!

PostPosted: Mon Aug 29, 2011 11:19 pm
by williamconley
that portion/method actually is very easy. there's only one bit that's done in a "conf" file (it may be able to be turned off in a menu somewhere, I just haven't found it! LOL)