Re: about iptables
- From: Grant <bugsplatter@xxxxxxxxx>
- Date: Fri, 28 Apr 2006 11:06:18 +1000
On 27 Apr 2006 17:28:00 -0700, "ParTizan" <ParTizanPuPkin@xxxxxxxxx> wrote:
thanks! but , do I really need all these settings?
as you can see , I'm already behind my router.
Assuming you reply to me (pls quote context in replies), start with:
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -p all --match state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p all -i lo -j ACCEPT
for standalone (single box + modem) operation.
Those lines basically allow output from box, but only expected
(requested) traffic can come back into the box. I suggest you
add some OUTPUT logging for debug, perhaps:
iptables -A OUTPUT -p all -o eth0 -j LOG --log-level info \
--log-prefix "fw_out: "
"--log-level info" sends to /var/log/messages, do a tail -f on the log
to watch the thing in action.
Grant.
--
Memory fault -- brain fried
.
- Follow-Ups:
- Re: about iptables
- From: ParTizan
- Re: about iptables
- References:
- about iptables
- From: ParTizan
- Re: about iptables
- From: Grant
- Re: about iptables
- From: ParTizan
- about iptables
- Prev by Date: Re: about iptables
- Next by Date: Re: about iptables
- Previous by thread: Re: about iptables
- Next by thread: Re: about iptables
- Index(es):
Relevant Pages
|
