Virtual TapeServer 6.04.01 Installation Guide

Enabling Instant DR and AutoCopy | 103
To configure TCP/IP security
1. On the VTS server, create the /etc/sysconfig/iptables file and open it for editing.
2. Insert the following lines:
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth1 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 873 -j ACCEPT
-A INPUT -i eth1 -p udp -m udp --dport 873 -j ACCEPT
-A INPUT -p tcp -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i eth1 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m state --state INVALID -j REJECT --reject-with icmp-port-unreachable
COMMIT
Here is an explanation of these lines:
*filter
Sets the “filter” table as the table to be modified.
:INPUT ACCEPT [0:0]
Sets the INPUT chain to a default policy of ACCEPT. The [0:0] parameter sets the
chain's packet and byte counters to 0 when the chain is established.
:FORWARD ACCEPT [0:0]
Sets the FORWARD chain to a default value of ACCEPT and its packet and byte
counters to 0.
:OUTPUT ACCEPT [0:0]
Sets the OUTPUT chain to a default value of ACCEPT and its packet and byte
counters to 0.
-A INPUT -i eth1 -p tcp -m tcp --dport 22 -j ACCEPT
Allows connections on port 22 (SSH).
-A INPUT -i eth1 -p tcp -m tcp --dport 873 -j ACCEPT
-A INPUT -i eth1 -p udp -m udp --dport 873 -j ACCEPT
Allows RSH connections on TCP and UDP port 873.
-A INPUT -p tcp -m state --state ESTABLISHED -j ACCEPT
Uses connection tracking to allow packets that belong to established connections. A
connection counts as established once packets have been seen in both directions.
-A INPUT -p tcp -m state --state RELATED -j ACCEPT
Allows connections in the RELATED state. A related connection is a new connection
that is associated with an existing, tracked connection.
-A INPUT -p icmp -j ACCEPT
Allows ICMP traffic (ping and traceroute). This is not required but is helpful when
troubleshooting network issues.
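As an added example (not part of the guide), the following Python audit reads this ruleset in iptables-save format, lists the ports on which eth1 accepts new connections, checks that the eth1 catch-all REJECT is ordered after its ACCEPT rules (iptables evaluates rules top to bottom), and reports that with a default INPUT policy of ACCEPT and no interface-less catch-all, traffic arriving on interfaces other than eth1 is accepted by default. The ruleset is embedded as a constructed copy with the wrapped REJECT line rejoined; the function names are my own.

```python
import shlex
# Constructed sample: the guide's ruleset, with the wrapped REJECT line rejoined.
RULESET = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth1 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 873 -j ACCEPT
-A INPUT -i eth1 -p udp -m udp --dport 873 -j ACCEPT
-A INPUT -p tcp -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i eth1 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m state --state INVALID -j REJECT --reject-with icmp-port-unreachable
COMMIT
"""

def parse_ruleset(text):
    """Return ({chain: policy}, [rules]); a rule maps '-i', '--dport', ... to its argument."""
    policies, rules = {}, []
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith(":"):  # ":INPUT ACCEPT [0:0]" sets the chain's default policy
            policies[line[1:].split()[0]] = line.split()[1]
        elif line.startswith("-"):  # "-A CHAIN ..." rule; *table, COMMIT and comments skipped
            toks, rule = shlex.split(line), {}
            for i, tok in enumerate(toks):  # an option takes the next token, or is a bare flag
                if tok.startswith("-"):
                    nxt = toks[i + 1] if i + 1 < len(toks) else None
                    rule[tok] = nxt if nxt and not nxt.startswith("-") else True
            rules.append(rule)
    return policies, rules

def accepted_ports(rules, iface):
    """(proto, port) pairs on which iface accepts new connections in INPUT."""
    return {(r["-p"], int(r["--dport"])) for r in rules if r.get("-A") == "INPUT"
            and r.get("-i") == iface and r.get("-j") == "ACCEPT" and "--dport" in r}

def catch_all_ordering_ok(rules, iface):
    """iface has a protocol-less REJECT/DROP and every ACCEPT for iface precedes it."""
    inp = [r for r in rules if r.get("-A") == "INPUT" and r.get("-i") == iface]
    rej = [i for i, r in enumerate(inp) if r.get("-j") in ("REJECT", "DROP") and "-p" not in r]
    return bool(rej) and all(i < rej[0] for i, r in enumerate(inp) if r.get("-j") == "ACCEPT")

def other_interfaces_fall_through(policies, rules):
    """INPUT policy ACCEPT and no interface-less catch-all: other interfaces stay open."""
    generic = any(r.get("-A") == "INPUT" and "-i" not in r and "-p" not in r
                  and r.get("-j") in ("REJECT", "DROP") for r in rules)
    return policies.get("INPUT") == "ACCEPT" and not generic
```

The last check is the caveat to keep in mind with this ruleset: only eth1 gets the catch-all REJECT, so the guide's policy protects that interface alone.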