RE: internet firewall
thanks for a fast reply.
>From: email@example.com [mailto:firstname.lastname@example.org]
>Sent: 18 June 2001 10:46
>To: Anders Gjære
>Subject: Re: internet firewall
>On Mon, 18 Jun 2001, Anders Gjære wrote:
>> i have a debian box with 2.4.5 kernel and iptables.
>> how should I set up the rules for iptables?
>> all ip's behind the firewall are valid internet addresses, and should
>> be reached through the firewall..
>Well, I think that you have to configure your routing table properly
>and then filter ( incoming and/or outgoing ) the traffic which is going
>to be forwarded by your box. And whether you want to use a default policy of
>DENY(REJECT) or ACCEPT is another matter and is to your personal taste.
>Your rules have to be built thinking of what services on what boxes
>should be available and to whom.
it should be default accept,
and behind the firewall there should be one shell-server(irc) and some
web-servers, and our office.
the only thing i need is a possibility to block ip's if we are victim for
is this a good way to block an ip/ip-range?
iptables -A INPUT -s $IP_TO_BLOCK -j REJECT
(or just use $1 instead of $IP_TO_BLOCK)
the only thing i need to know is how i route from eth0 to eth1,
>> it should also run zebra/bgp.
>For that ( after looking in /etc/services ) you have to permit traffic
>on port number 179 ( tcp and udp ). And also you should not block
>connections to bgp peers from your box. Anyway in the zebra docs you will
>find what ports they are using ( or just run zebra and see which ports
>it uses ).
>> could anyone help me?
>> it should default allow everything, with the possibility to block
>> specified ip's
>I think you should turn off every service that you don't need on
>your firewall ( I suggest keeping only ssh for remote connection and
>> for now there is just 2 interfaces, but later upgraded to 4 100mbit
>> 1 1gbps.
>> what hardware should be sufficient?
>> anders gjære
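The rule set discussed in this thread (default ACCEPT, forwarding between eth0 and eth1, zebra/bgpd on the box, and blocking of given addresses or ranges), as an added example in POSIX sh that is not part of the thread. Blocked sources are checked in both INPUT and FORWARD, because the web and shell servers are routed through the box rather than living on it; the BGP peer address, the log prefix and the sample addresses are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: default-ACCEPT iptables policy for a box
# that routes between eth0 and eth1 and runs zebra/bgpd, plus a BLOCK chain for
# addresses or ranges given on the command line. BGP_PEER is an assumed value.
# FW_RUN defaults to "echo", so the script only prints the commands; run as root
# with FW_RUN= ./firewall.sh <addr>... to apply them.
FW_RUN="${FW_RUN-echo}"
BGP_PEER="${BGP_PEER:-192.0.2.1}"   # assumption: the router's BGP neighbour

# Accept only an IPv4 address or CIDR range, so that a stray argument ("$1" in
# the thread's one-liner) can never be interpreted as an iptables option.
valid_ip_or_cidr() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$' || return 1
    for o in $(echo "${1%%/*}" | tr '.' ' '); do
        [ "$o" -le 255 ] || return 1
    done
    case "$1" in */*) [ "${1#*/}" -le 32 ] || return 1 ;; esac
    return 0
}

base_rules() {
    # Routing from eth0 to eth1 is a kernel setting, not an iptables rule.
    $FW_RUN sysctl -w net.ipv4.ip_forward=1
    $FW_RUN iptables -F
    $FW_RUN iptables -X
    $FW_RUN iptables -P INPUT ACCEPT
    $FW_RUN iptables -P FORWARD ACCEPT
    $FW_RUN iptables -P OUTPUT ACCEPT
    # BGP runs over TCP port 179; let the peer session through before any blocking.
    $FW_RUN iptables -A INPUT -p tcp -s "$BGP_PEER" --dport 179 -j ACCEPT
    $FW_RUN iptables -A INPUT -p tcp -s "$BGP_PEER" --sport 179 -j ACCEPT
    # Blocked sources are checked for traffic to the firewall itself (INPUT)
    # and for traffic routed to the servers behind it (FORWARD); a rule in
    # INPUT alone leaves the web and shell servers reachable.
    $FW_RUN iptables -N BLOCK
    $FW_RUN iptables -A INPUT -j BLOCK
    $FW_RUN iptables -A FORWARD -j BLOCK
}

# Add one address or range to the BLOCK chain, logging before rejecting so the
# hits are visible in syslog.
block_ip() {
    valid_ip_or_cidr "$1" || { echo "refusing to block '$1'" >&2; return 1; }
    $FW_RUN iptables -A BLOCK -s "$1" -j LOG --log-prefix "fw-block: "
    $FW_RUN iptables -A BLOCK -s "$1" -j REJECT
}

base_rules
for addr in "$@"; do block_ip "$addr"; done
```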