Re: IPTABLES firewall?

To: Charlie Grosvenor <charlie@thegrosvenors.fsnet.co.uk>
Cc: debian-firewall@lists.debian.org
Subject: Re: IPTABLES firewall?
From: SW <sw@enix.org>
Date: Sat, 02 Mar 2002 17:38:47 +0100
Message-id: <[🔎] 3C810017.A6620F0D@enix.org>
References: <[🔎] 001301c1c161$b6dc1670$8a2798d5@laptop>

You can do somethings like this :

iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -s myinternalnetwork -j ACCEPT
iptables -A FORWARD -p tcp --dport a-authorised-port -j ACCEPT
iptables -A FORWARD -p tcp --dport an-other-authorised-port -j ACCEPT
iptables -A FORWARD -j DROP (or REJECT)

state "related" permit module like ip_conntrack_ftp to work.


Wacquiez Sébastien


Charlie Grosvenor wrote:
> 
> Hi
>      I have 5 static public ip addresses that i have assigned to each of my
> machines, i have a debian machine which is the router and it has a ppp
> connection to the internet. This set up works fine, but i would like to add
> some security. I have blocked smb traffic from comming in and out using ip
> tables. Somebody alerted me to the fact that it was safer to enable certain
> ports and disable all others. Is it possible to block all incomming
> connections apart from the onces that i allow and allow all outgoing
> connections and allow the packets that come back as a result of these
> connections? If so how can i do so? Also does anybody have a iptables script
> that does this. I do not want to use NAT.

Reply to:

References:
- IPTABLES firewall?
  - From: "Charlie Grosvenor" <charlie@thegrosvenors.fsnet.co.uk>

Prev by Date: unsubscribe
Next by Date: DHCP Clients/server and Debians IPMasq package
Previous by thread: Re: IPTABLES firewall?
Next by thread: DHCP Clients/server and Debians IPMasq package
Index(es):
- Date
- Thread