
Re: Specifying multiple services to Netfilter



"Laurence J. Lane" wrote:

> On Wed, Jun 06, 2001 at 11:46:11PM -0600, Stefan Srdic wrote:
>
> > iptables -A INPUT --protocol tcp -i $DSLIFACE -d $ANYADDR \
> >     --destination-port :1023 -j REJECT
> > iptables -A INPUT --protocol tcp -i $DSLIFACE -s $ANYADDR \
> >     --source-port :1023 -j REJECT
>
> I can't really follow what you're trying, but that second reject rule
> blocks outgoing traffic. (Use iptables -n -v -L to see the list of
> rules and a count of the packets that each affect.) You probably want to
> accept outbound traffic for specific ports before rejecting any.
>

Well, I'm trying to reject all well-known ports and then allow only those that
I need for my home LAN. After a good night's sleep and some morning coffee I saw
that the second rule was not necessary. I eliminated it and I'm performing a
remote port scan to test my netfilter configuration.

Now with TCP almost out of the way I have to filter ICMP and UDP. Isn't port
filtering fun?


>
> > > Try "#!/bin/sh -x" instead.
>
> It displays the commands as the script executes. It's utile for debugging
> shell scripts.

Excellent, thanks for all your help. I'll have to post my final firewall
configuration once I'm done :-D


Stef
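As an added illustration (not code from the thread), here is a small model of the two INPUT rules quoted above, showing why the `--source-port :1023` rule rejects replies from remote servers and so breaks outbound connections. The interface name and packet port numbers are constructed; address matching (`-d $ANYADDR`) is omitted because it matches everything.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp", "udp" or "icmp"
    iface: str   # interface the packet arrived on
    sport: int   # source port
    dport: int   # destination port

@dataclass(frozen=True)
class Rule:
    proto: str
    iface: str
    sport_max: Optional[int]  # --source-port :N, None = any port
    dport_max: Optional[int]  # --destination-port :N, None = any port
    target: str               # "ACCEPT" or "REJECT"

    def matches(self, pkt: Packet) -> bool:
        if pkt.proto != self.proto or pkt.iface != self.iface:
            return False
        if self.sport_max is not None and pkt.sport > self.sport_max:
            return False
        if self.dport_max is not None and pkt.dport > self.dport_max:
            return False
        return True

def input_chain(rules, pkt, policy="ACCEPT"):
    """First matching rule decides, as in a real chain; otherwise the policy."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.target
    return policy

DSLIFACE = "ppp0"  # assumed value of $DSLIFACE
# Rule 1: reject inbound connections to well-known ports (the intent).
REJECT_WELL_KNOWN_DST = Rule("tcp", DSLIFACE, None, 1023, "REJECT")
# Rule 2: the rule Laurence flagged; it matches replies from remote servers.
REJECT_WELL_KNOWN_SRC = Rule("tcp", DSLIFACE, 1023, None, "REJECT")

# Constructed packets: an unsolicited SYN to local sshd, and a web server's
# reply to a connection the LAN opened from an ephemeral port.
INBOUND_SSH = Packet("tcp", DSLIFACE, sport=51234, dport=22)
HTTP_REPLY = Packet("tcp", DSLIFACE, sport=80, dport=40000)

def with_both_rules(pkt):
    return input_chain([REJECT_WELL_KNOWN_DST, REJECT_WELL_KNOWN_SRC], pkt)

def with_first_rule_only(pkt):
    return input_chain([REJECT_WELL_KNOWN_DST], pkt)
```

With both rules the web server's reply is rejected along with the SSH probe; dropping the second rule keeps the probe rejected while the reply gets through.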


