I have a server at servermatrix with 5 virtual interfaces (eth0:0, eth0:1, etc). I need a firewall to allow the rules that they require at servermatrix plus ssh, http/s and some others, and I plan to allow only specific traffic on each interface. I need it to be easy to add future ports, and there should also be a place to add IPs or ranges that are to be blocked. My IPTables skill is modest and has only been exercised in a limited capacity. I don't think I can trust myself to get this right. If you can help, pm me with your fee. I'd like to get this done tonight if it's possible. I'll pay you via paypal.
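A skeleton for the kind of firewall the post asks for, added here as an example and not part of the original thread or anything the hosting provider supplied. It keeps the per-interface allow lists and the blocklist in two variables at the top so ports and ranges can be added without touching the rule logic, and it emits the rules as shell commands for review before anything is applied. One point worth knowing for this setup: the "interfaces" eth0:0, eth0:1 and so on are IP aliases, and iptables cannot match an alias name with -i, so each alias is identified by its address with -d instead. All addresses in the script are constructed placeholders; the ports 1040 and 1248 on the second alias are the ones the provider lists later in the thread.

```shell
#!/bin/sh
# Added example (not from the original thread): generate a default-deny
# iptables INPUT rule set for a host whose "interfaces" are IP aliases
# (eth0:0, eth0:1, ...). iptables cannot match alias names with -i, so
# each alias is identified by its address with -d instead.
# All addresses below are constructed placeholders.

IPT="iptables"            # set to "echo iptables" to preview without applying

# Per-alias allow lists: "<address> <tcp ports...>", one entry per line.
# To open a new port on an alias, append it to that address's line.
ALIAS_RULES='
192.0.2.10 22 80 443
192.0.2.11 80 443 1040 1248
'

# Hosts or CIDR ranges that are dropped before any allow rule is consulted.
BLOCKED='
198.51.100.0/24
203.0.113.7
'

# Print the rules as shell commands (one per line) so they can be reviewed
# or piped to sh; nothing is applied by this function itself.
gen_rules() {
    echo "$IPT -P INPUT DROP"
    echo "$IPT -P FORWARD DROP"
    echo "$IPT -P OUTPUT ACCEPT"
    echo "$IPT -F INPUT"
    echo "$IPT -A INPUT -i lo -j ACCEPT"
    echo "$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Blocklist first, so nothing below can let a blocked source through.
    for src in $BLOCKED; do
        echo "$IPT -A INPUT -s $src -j DROP"
    done
    # Per-alias service ports, matched on the alias address rather than -i.
    printf '%s\n' "$ALIAS_RULES" | while read -r addr ports; do
        [ -n "$addr" ] || continue
        for p in $ports; do
            echo "$IPT -A INPUT -d $addr -p tcp --dport $p -m state --state NEW -j ACCEPT"
        done
    done
    # Log (rate limited) whatever falls through before the DROP policy takes it.
    echo "$IPT -A INPUT -m limit --limit 5/min -j LOG --log-prefix 'fw-drop: '"
}

# Sanity check: number of ACCEPT rules the current lists produce.
count_accepts() {
    gen_rules | grep -c -- '-j ACCEPT'
}

# Review with:  gen_rules
# Apply (root): gen_rules | sh
```

Because the blocklist loop runs before the per-address loop, a blocked range is dropped even if it targets a port that is open on some alias; the ESTABLISHED,RELATED rule keeps replies to outbound connections working without opening any inbound port for them.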
After several hours of research, I got the issue resolved by myself. The server matrix people are including IPchains rules and asking people to implement them in IPTables. That simply doesn't work. Oddly enough, no one wanted the job. All's well that ends well I guess.
The following rules are ipchains rules that do exactly the same thing as the rules above, except that acctboth is an ipchains command, not an iptables command:
--- begin ---
iptables -I acctboth 1 -p tcp -s 18.104.22.168 -j ACCEPT
iptables -I acctboth 2 -p tcp -d 22.214.171.124 -j ACCEPT
iptables -I acctboth 3 -p tcp --dport 1040 -j ACCEPT
iptables -I acctboth 4 -p tcp --dport 1248 -j ACCEPT
iptables -I acctboth 5 -p tcp --sport 1040 -j ACCEPT
iptables -I acctboth 6 -p tcp --sport 1248 -j ACCEPT
--- end ---
They are telling people to implement identical ipchains rules in an iptables script, which is pointless and impossible. I think they probably meant to post rules for both firewalls. One of their techs emailed me these rules on Friday when I asked them what they needed open. I have contacted SM and asked them to adjust their requirements.