IPtable help and comments
Sorry I am posting this again to this list,
but the debian-firewall list was essentially mute.
I am trying to run a very secure firewall which also
serves as my gateway.
After reading the docs, it is still unclear
how I would open up the gateway/firewall to an outside
Also I would like to hear any comments
about the following iptables script,
which is my startup.
#!/bin/sh
# chmod 755 is needed to make this executable
# Turn on ip_forward with this command
echo 1 > /proc/sys/net/ipv4/ip_forward
# Clean up tables: flush every rule and delete user-defined chains,
# so the script can be re-run (otherwise "iptables -N block" fails the second time)
iptables -F
iptables -t nat -F
iptables -X
# Default policies: anything not explicitly accepted below is dropped
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
# This allows masquerading, limited to packets leaving on the Internet-facing
# interface so that LAN-to-gateway traffic is not rewritten as well
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# This allows a connection from inside the network
iptables -A INPUT -s 192.168.2.2 -j ACCEPT
iptables -A OUTPUT -d 192.168.2.2 -j ACCEPT
iptables -A INPUT -s 192.168.2.20 -j ACCEPT
iptables -A OUTPUT -d 192.168.2.20 -j ACCEPT
iptables -A INPUT -s 192.168.2.3 -j ACCEPT
iptables -A OUTPUT -d 192.168.2.3 -j ACCEPT
# Disallow NEW and INVALID incoming or forwarded packets from eth0.
#iptables -A INPUT -i eth0 -m state --state NEW,INVALID -j DROP
#iptables -A FORWARD -i eth0 -m state --state NEW,INVALID -j DROP
# Most people just have a single PPP connection to the Internet,
# and don't want anyone coming back into their network, or the firewall:
## Create chain which blocks new connections, except if coming from inside.
iptables -N block
iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A block -m state --state NEW ! -i eth0 -j ACCEPT
iptables -A block -j DROP
# LOG EVERYTHING FOR NOW
# (these must be appended before the jump to "block", or the chain's final
# DROP is reached first and nothing is ever logged)
#iptables -A INPUT -i eth0 -j LOG --log-prefix "IN "
#iptables -A OUTPUT -o eth0 -j LOG --log-prefix "OUT "
## Jump to that chain from INPUT and FORWARD chains.
iptables -A INPUT -j block
iptables -A FORWARD -j block
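Added example (not part of the poster's script) answering the "open up the gateway to the outside" question: two shell functions that punch a single, explicit hole through the "block" chain, one for a service running on the firewall itself and one for a service on a LAN host via DNAT. It assumes eth0 is the Internet-facing interface, that the "block" chain from the script above is already installed, and uses port 22, port 80 and host 192.168.2.3 purely as example values. Setting IPTABLES=echo prints the rules instead of installing them, so the result can be reviewed before touching the live firewall.

```sh
#!/bin/sh
# Added example, not the poster's script. Assumptions: eth0 is the Internet
# side, the LAN is 192.168.2.0/24, and the "block" chain (ESTABLISHED,RELATED
# accept / NEW-from-inside accept / DROP) is already in place.
#
# Run as:  sh open-service.sh apply               (installs the rules)
#          IPTABLES=echo sh open-service.sh apply  (prints them instead)
IPTABLES=${IPTABLES:-iptables}
WAN_IF=${WAN_IF:-eth0}

# Return 0 if $1 is an integer port in 1..65535, 1 otherwise.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Accept NEW connections from the Internet to a service on the firewall itself.
# -I puts the rule at the top of INPUT, ahead of the jump to "block", whose
# final DROP would otherwise discard the packet. Replies are handled by the
# ESTABLISHED,RELATED rule that "block" already contains.
open_local_service() {  # proto port
    valid_port "$2" || return 1
    $IPTABLES -I INPUT -i "$WAN_IF" -p "$1" --dport "$2" \
        -m state --state NEW -j ACCEPT
}

# Expose a service that lives on a LAN host: DNAT in PREROUTING rewrites the
# destination, then FORWARD must accept the rewritten packet, because it is
# still a NEW connection arriving on eth0 and "block" would drop it.
forward_to_lan_host() {  # proto port lan_ip
    valid_port "$2" || return 1
    $IPTABLES -t nat -A PREROUTING -i "$WAN_IF" -p "$1" --dport "$2" \
        -j DNAT --to-destination "$3" &&
    $IPTABLES -I FORWARD -i "$WAN_IF" -p "$1" -d "$3" --dport "$2" \
        -m state --state NEW -j ACCEPT
}

# Example holes (constructed values): SSH to the gateway, HTTP to 192.168.2.3.
apply_example_rules() {
    open_local_service tcp 22 &&
    forward_to_lan_host tcp 80 192.168.2.3
}

if [ "${1:-}" = "apply" ]; then
    apply_example_rules
fi
```

Each hole is one protocol, one port and (for forwarding) one destination host, inserted ahead of the "block" jump rather than by loosening the chain itself; the port check rejects anything that is not a number in range so a typo cannot turn into an unintended rule.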