Re: IPTABLES doesn't work
From: Alexander Dalloz (alexander.dalloz_at_uni-bielefeld.de)
Date: 01/30/04
- Previous message: Hans Müller: "corn problem"
- In reply to: Luciano Miguel Ferreira Rocha: "Re: IPTABLES doesn't work"
- Next in thread: Marian POPESCU: "Re: IPTABLES doesn't work"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
To: fedora-list@redhat.com Date: Fri, 30 Jan 2004 12:13:18 +0100
On Thu, 29.01.2004 at 22:58, Luciano Miguel Ferreira Rocha wrote:
> On Thu, Jan 29, 2004 at 01:34:34PM -0800, smoothmilk wrote:
> > anything? I dont understand how it just flat out doesn't work. I have no
> > idea how iptables works, and because there's no documentation out there
> > for beginners who just want a script that's for eth0 with a simple www,
> > ssh and ftp server(s), Im stuck using rh's tools, which don't do
> > anything. there's no security here.
>
> Shameless plug: http://strange.nsk.pt/mine/ipconf
>
> Or a simple script:
Short annotations:
> #! /bin/sh
> /sbin/modprobe ip_conntrack_ftp > /dev/null 2>&1
modprobe has the parameter "-q" to be quiet.
> /sbin/iptables -F
> /sbin/iptables -X
> /sbin/iptables -P FORWARD DROP
> /sbin/iptables -P INPUT DROP
Setting the policies to DROP and having no final REJECT rule is bad. DROP is
no good as a general rule.
> /sbin/iptables -P OUTPUT ACCEPT
> /sbin/iptables -A INPUT -p all -m state --state ESTABLISHED,RELATED -j ACCEPT
> /sbin/iptables -A INPUT -p ICMP -j ACCEPT
> /sbin/iptables -A INPUT -p TCP --syn --dport http -j ACCEPT
> /sbin/iptables -A INPUT -p TCP --syn --dport ssh -j ACCEPT
> /sbin/iptables -A INPUT -p TCP --syn --dport ftp -j ACCEPT
> /sbin/iptables -A INPUT -p TCP --syn --dport ftp-data -j ACCEPT
>
> Regards,
> Luciano Rocha
Alexander
--
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 1 (Yarrow) on Athlon CPU kernel 2.4.22-1.2149.nptl
Sirendipity 12:10:34 up 20:58, 7 users, 0.68, 0.28, 0.15
[ Γνωθι σ'αυτον - gnothi seauton ]
--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
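Added example, not part of either post: Luciano's script rewritten with Alexander's two annotations applied (a quiet modprobe -q, and a final explicit REJECT rule instead of relying on the DROP policy alone), plus the ICMP protocol name spelt correctly and a loopback rule added so local services keep working under a DROP policy. It assumes iptables lives at /sbin/iptables and that eth0 is the public interface; apply_rules takes the iptables command as its argument, so `apply_rules echo` prints the rules without needing root.

```shell
#!/bin/sh
# Host firewall for a box offering www, ssh and ftp on eth0.
# Assumptions: iptables at /sbin/iptables, eth0 is the public interface.
# Usage:  sh fw.sh apply      (load the rules, needs root)
#         sh fw.sh dry-run    (print the rules that would be loaded)

# Load the FTP connection-tracking helper quietly; without it, passive
# FTP data connections would not be matched as RELATED.
load_modules() {
    /sbin/modprobe -q ip_conntrack_ftp || true
}

# $1 is the iptables command to run (default /sbin/iptables); passing
# "echo" turns this into a dry run that prints each rule instead.
apply_rules() {
    IPT="${1:-/sbin/iptables}"

    # Start from a clean table: flush rules, delete user chains.
    "$IPT" -F
    "$IPT" -X

    # Default policies: nothing in or through unless accepted below.
    "$IPT" -P FORWARD DROP
    "$IPT" -P INPUT DROP
    "$IPT" -P OUTPUT ACCEPT

    # Loopback must be allowed; a DROP policy would otherwise break
    # local clients talking to local daemons (resolver, X, mail).
    "$IPT" -A INPUT -i lo -j ACCEPT

    # Replies and related connections (FTP data via ip_conntrack_ftp).
    "$IPT" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # ICMP (the original "IMCP" is a typo that makes iptables abort).
    "$IPT" -A INPUT -p icmp -j ACCEPT

    # New connections for the three published services on eth0 only.
    # ftp-data is not opened: passive data connections are RELATED and
    # active ones are outbound, which OUTPUT ACCEPT already allows.
    for port in http ssh ftp; do
        "$IPT" -A INPUT -i eth0 -p tcp --syn --dport "$port" -j ACCEPT
    done

    # Final explicit reject (the point raised in the annotation): log a
    # rate-limited sample, then refuse the rest with an error instead of
    # silently discarding it, so legitimate clients fail fast.
    "$IPT" -A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT reject: "
    "$IPT" -A INPUT -p tcp -j REJECT --reject-with tcp-reset
    "$IPT" -A INPUT -j REJECT --reject-with icmp-port-unreachable
}

case "${1:-}" in
    apply)   load_modules; apply_rules ;;
    dry-run) apply_rules echo ;;
esac
```

Run it with dry-run first and check that the last INPUT rule printed is the REJECT, then apply it from a console session (not over ssh) so a mistake in the ssh rule cannot lock you out.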