Re: iptables

To: debian-user@lists.debian.org
Subject: Re: iptables
From: Hugo Vanwoerkom <hvw59601@care2.com>
Date: Fri, 18 Nov 2005 08:01:13 -0600
Message-id: <[🔎] dlkmr9$u2k$1@sea.gmane.org>
In-reply-to: <[🔎] 561dc3260511051921g7c73d4a9t7dd7f007f56cb914@mail.gmail.com>
References: <[🔎] 004901c5e217$31329190$6402a8c0@breez> <[🔎] 561dc3260511051921g7c73d4a9t7dd7f007f56cb914@mail.gmail.com>

Jiann-Ming Su wrote:

On 11/5/05, Roy <pict001a@yahoo.co.uk> wrote:

I've been using Debian since the arrival of Sarge and found it excellent,
compared to Mandrake.  On Mandrake I was able to configure iptables, as the
file was located in etc/iptables, unfortunately being new to Debian i'm
unable to find the location of iptable.



Put your iptables rules in a file somewhere convenient, i.e.
/etc/iptables.up.rules:

  *filter
  :INPUT DROP [0:0]
  :FORWARD DROP [0:0]
  :OUTPUT ACCEPT [0:0]
  :IN_TCP - [0:0]
  -A INPUT -i lo -j ACCEPT
  -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
  -A INPUT -p tcp -m state --state NEW -j IN_TCP
  -A IN_TCP -p tcp -m tcp --dport 22 -j ACCEPT
  -A IN_TCP -j ULOG --ulog-prefix "IN_TCP cleanup: "
  -A IN_TCP -j DROP
  COMMIT

Then update /etc/network/interfaces:

  #iface eth0 inet dhcp
  iface eth0 inet static
    pre-up iptables-restore < /etc/iptables.up.rules
    address 192.168.1.10
    netmask 255.255.255.0
    gateway 192.168.1.1


--
Jiann-Ming Su


A little late with the post but thanks for the suggestion!
I was looking for a way to start Firehol other than manually all the time.

H

Reply to:

Follow-Ups:
- Re: iptables
  - From: Wayne Topa <linuxone@intergate.com>

References:
- iptables
  - From: "Roy" <pict001a@yahoo.co.uk>
- Re: iptables
  - From: Jiann-Ming Su <sujiannming@gmail.com>

Prev by Date: Re: Synaptic wants to remove kernel image for python upgrade.
Next by Date: Re: Slow server response
Previous by thread: Re: iptables
Next by thread: Re: iptables
Index(es):
- Date
- Thread