Better iptables firewall

---

• From: Michael Pobega <pobega@xxxxxxxxx>
• Date: Thu, 30 Aug 2007 00:25:25 -0400

---

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Currently I'm using iptables as my main firewall, and I'm having no
trouble with it whatsoever. But lately (Since college has started) I've
been connecting to a lot more networks, with more peers connected. I'm
worried about somebody breaking through the security on my laptop and
doing something malicious.

I'm hoping some seasoned Debian sysadmins out there can help me by
advising me on how to better setup iptables...My current setup is:


# Generated by iptables-save v1.3.6 on Mon Jun 18 09:55:18 2007
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [35639:3072343]
- -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
- -A INPUT -i lo -j ACCEPT
- -A INPUT -p icmp -m limit --limit 1/sec -j ACCEPT
- -A INPUT -p icmp -j DROP
#-A INPUT -p tcp -m tcp --dport 5030 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 15000 -j ACCEPT
COMMIT
# Completed on Mon Jun 18 09:55:18 2007

The commented rules are uncommented in my ruleset for home (I only have
those ports forwarded on my home router, so opening them outside is a
potential security hazard)

- --
If programmers deserve to be rewarded for creating innovative
programs, by the same token they deserve to be punished if they
restrict the use of these programs.
- Richard Stallman
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFG1ka1g6qL2BGnx4QRAqiAAJ9ga+7x+ShT64BWbZ/59BYTJ+eCgQCfQo5O
ZLlBxl1aLfm3tlaDOO75GU0=
=CYxy
-----END PGP SIGNATURE-----


--
To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx
with a subject of "unsubscribe". Trouble? Contact listmaster@xxxxxxxxxxxxxxxx

---

• Follow-Ups:
  • Re: Better iptables firewall
    • From: John L Fjellstad
  • Re: Better iptables firewall
    • From: Bonnel Christophe
  • Re: Better iptables firewall
    • From: Douglas A. Tutty
  • Re: Better iptables firewall
    • From: ndemou

• Prev by Date: Re: xterm won't start on AMD K6 with stock 2.6.22-1-486 kernel
• Next by Date: Re: Garmin GPS on USB port
• Previous by thread: Re: software suspend and system cloning
• Next by thread: Re: Better iptables firewall
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Irresponsible user stories! ... Did you end up figuring out who this person is, ... where he visits, and gotten him in trouble; ... If programmers deserve to be rewarded for creating innovative ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx ... (Debian-User) Re: Getting network connection ... I successfully installed Debian on a laptop, ... but it's not connecting now. ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx with a subject ... Trouble? ... (Debian-User) Re: phpmyadmin ... I just don't really understand what is going on as the same server will serve up other php pages, but phpmyadmin seems only able to serve html pages. ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx with a subject of "unsubscribe". ... Trouble? ... (Debian-User) Re: _some_ DVDs wont play ... the DVD makes xine crash. ... No trouble playing almost all other DVDs. ... A borrowed set of LOTR discs will play on all machines. ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx ... (Debian-User) Re: How do you grow brocolli? ... People having trouble with vz bouncing email to me should add the word ... Copyright 2006 by Maurice Eugene Heskett, ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx ... (Debian-User)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(15)