Re: Specifying multiple services to Netfilter
"Laurence J. Lane" wrote:
> On Wed, Jun 06, 2001 at 11:46:11PM -0600, Stefan Srdic wrote:
>
> > iptables -A INPUT --protocol tcp -i $DSLIFACE -d $ANYADDR \
> > --destination-port :1023 -j REJECT
> > iptables -A INPUT --protocol tcp -i $DSLIFACE -s $ANYADDR \
> > --source-port :1023 -j REJECT
>
> I can't really follow what you're trying, but that second reject rule
> blocks outgoing traffic. (Use iptables -n -v -L to see the list of
> rules and a count of the packets that each affect.) You probably want to
> accept outbound traffic for specific ports before rejecting any.
>
Well, I'm trying to reject all well-known ports and then allow only those that
I need for my home LAN. After a good night's sleep and some morning coffee I saw
that the second rule was not necessary. I eliminated it and I'm performing a
remote port scan to test my netfilter configuration.
Now with TCP almost out of the way I have to filter ICMP and UDP. Isn't port
filtering fun?
>
> > > Try "#!/bin/sh -x" instead.
>
> It displays the commands as the script executes. It's utile for debugging
> shell scripts.
Excellent, thanks for all your help. I'll have to post my final firewall
configuration once I'm done :-D
Stef
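The ordering Laurence describes (accept replies and the few exposed services before the catch-all reject), as an added example that is not Stef's script; `DSLIFACE`, `ALLOWED_TCP_PORTS` and the `IPT` wrapper are assumed, and `IPT` defaults to `echo iptables` so the rules are printed rather than loaded:

```shell
#!/bin/sh
# Added example, not the firewall script from this thread. Builds an INPUT
# chain for the external interface in which the accepts come BEFORE the
# reject, so the reject can no longer shadow them or block outgoing traffic.
# Assumed: DSLIFACE (external interface), ALLOWED_TCP_PORTS (services the
# LAN exposes), IPT (defaults to "echo iptables" for a dry run).
DSLIFACE="${DSLIFACE:-ppp0}"
ALLOWED_TCP_PORTS="${ALLOWED_TCP_PORTS:-22 80}"
IPT="${IPT:-echo iptables}"

build_input_rules() {
    $IPT -F INPUT

    # 1. Replies to connections this host opened. A rule that rejects INPUT
    #    packets with --source-port :1023 throws these answers away (remote
    #    web/mail servers answer from a privileged port), which is why the
    #    second reject rule in the thread broke outbound traffic.
    $IPT -A INPUT -i "$DSLIFACE" -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT

    # 2. Only the well-known services we chose to expose, new connections only.
    for port in $ALLOWED_TCP_PORTS; do
        $IPT -A INPUT -i "$DSLIFACE" -p tcp --syn --dport "$port" -j ACCEPT
    done

    # 3. Everything else on the privileged range is rejected. First match
    #    wins in a chain, so this must be appended last.
    $IPT -A INPUT -i "$DSLIFACE" -p tcp --dport :1023 -j REJECT
}

# Prints the 1-based position in the generated chain of the first rule whose
# text contains $1; handy for checking the order before loading for real.
rule_position() {
    build_input_rules | grep -n -- "$1" | head -n 1 | cut -d: -f1
}

build_input_rules
```

Run with `IPT=iptables` (as root) to load the rules instead of printing them, then confirm the order and hit counts with `iptables -n -v -L INPUT`.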