[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: IPTABLES firewall?

You can do somethings like this :

iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -s myinternalnetwork -j ACCEPT
iptables -A FORWARD -p tcp --dport a-authorised-port -j ACCEPT
iptables -A FORWARD -p tcp --dport an-other-authorised-port -j ACCEPT
iptables -A FORWARD -j DROP (or REJECT)

state "related" permit module like ip_conntrack_ftp to work.

Wacquiez Sébastien

Charlie Grosvenor wrote:
> Hi
>      I have 5 static public ip addresses that i have assigned to each of my
> machines, i have a debian machine which is the router and it has a ppp
> connection to the internet. This set up works fine, but i would like to add
> some security. I have blocked smb traffic from comming in and out using ip
> tables. Somebody alerted me to the fact that it was safer to enable certain
> ports and disable all others. Is it possible to block all incomming
> connections apart from the onces that i allow and allow all outgoing
> connections and allow the packets that come back as a result of these
> connections? If so how can i do so? Also does anybody have a iptables script
> that does this. I do not want to use NAT.

Reply to: