Re: firewall for a client
Hi Michael:
Here's the explanation I'm looking for... clean & easy (even for
me :D).
Now I'm reading the documentation section at netfilter.org with the
purpose of increasing my knowledge about iptables.
Thanks a lot for your time.
Regards from Spain!
On Mon, 2004-12-06 at 06:18 +0100, Michael Tschach wrote:
> Hi,
>
> You can use a simple firewall script using iptables. The script looks
> like this:
>
> $IPTABLES -P INPUT DROP
> $IPTABLES -P FORWARD DROP
> $IPTABLES -P OUTPUT ACCEPT
>
> $IPTABLES -A OUTPUT -p tcp -s $MYIP -d 0/0 -j ACCEPT
> $IPTABLES -A INPUT -p tcp -d $MYIP -s 0/0 -m state --state ESTABLISHED,RELATED -j ACCEPT
>
>
> $IPTABLES -A INPUT -p tcp -d $MYIP -s 0/0 -j LOG --log-prefix "INPUT FIREWALL"
>
>
> This little script allows you to connect to the internet and deny every
> connection from the internet to your computer except all downloads you
> have started.
>
> The first three lines define the standard policy for each table. The
> next two lines allow all outgoing and related incoming connections. The
> last line writes all attempts to connect to a logfile.
>
> Hope this will help you.
>
> Michael.
> Víctor A. Ramos wrote:
> | Hi there!
> |
> | I'm writing this e-mail because I'd like to build a firewall on my Debian
> | system, using iptables.
> | My computer is an Internet client, and doesn't offer any service or
> | server to the Internet (no ssh, no smtp... anything), so the 'policy'
> | should be: reject all input connections and external pings.... and allow
> | all connections from my PC to the Internet.
> |
> | I've been looking at and studying a lot of manuals and how-to's but all of them
> | are intended for a Debian system working as a router for a LAN :-/
> |
> | Would anyone like to tell me where I can get some information about my
> | requirements?
> |
> | Thanks a lot
>
>
> --
> Michael Tschach Büromat IT Systeme GmbH
> Softwareentwicklung Newtonstrasse 12
> Tel: +49 375 8109 0 08060 Zwickau
> Fax: +49 375 8109 256
--
Víctor A. Ramos <itchysoft_AT_yahoo_DOT_es>
(o_ Debian GNU/Linux .'''`.
//\ Registered User : :' :
V_/_ #315167 `. `'
`
Jabber ID <vramos_AT_jabber_DOT_org>
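
Added example, not part of the thread or the posters' own code: the client-only policy discussed above written as an iptables-restore ruleset, plus a check that a ruleset still keeps that policy. It goes slightly beyond the quoted script by accepting loopback traffic and replies for every protocol rather than TCP only; `LOG_PREFIX`, the 5/min log rate and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). LOG_PREFIX and the log rate are assumed values.
LOG_PREFIX="INPUT FIREWALL: "

# Print the client-only policy in iptables-restore format.
client_ruleset() {
    cat <<EOF
*filter
# Default policies: nothing in, nothing routed, everything out.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Local processes talking to each other over loopback.
-A INPUT -i lo -j ACCEPT
# Replies to connections this host opened (TCP, UDP such as DNS, ICMP errors).
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Anything else is unsolicited: log a rate-limited sample, then policy DROP applies.
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "$LOG_PREFIX"
COMMIT
EOF
}

# Exit status 0 only if the ruleset on stdin keeps the client policy:
# INPUT defaults to DROP and every INPUT ACCEPT rule is either loopback
# or restricted to ESTABLISHED/RELATED state (no rule admits NEW inbound).
check_client_policy() {
    awk '
        /^:INPUT /              { policy = $2 }
        /^-A INPUT .*-j ACCEPT/ {
            lo    = ($0 ~ /-i lo /)
            state = ($0 ~ /--state (ESTABLISHED,RELATED|RELATED,ESTABLISHED|ESTABLISHED|RELATED) /)
            if (!lo && !state) bad++
        }
        END { exit !(policy == "DROP" && bad == 0) }
    '
}

# Usage: sh client-fw.sh --apply   (needs root; without the flag nothing changes)
if [ "${1:-}" = "--apply" ]; then
    client_ruleset | check_client_policy || { echo "policy check failed" >&2; exit 1; }
    client_ruleset | iptables-restore
fi
```

Because the INPUT policy is DROP, external echo requests are dropped without a dedicated ICMP rule.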