IPTables and dial-up
I have finally gotten iptables set up on my system. Basically, it is a
single-user desktop with no open services (except for CUPS listening to
127.0.0.1).
I am using a script created by "firestarter" and copied into
/etc/ppp/ip-up.d. Then, in /etc/ppp/ip-down.d/, I created a file that would
do iptables -F, -X, and then -Z. However, I found that after disconnecting,
CUPS would hang, and nmap could not connect to localhost unless I also reset
Policies for INPUT and OUTPUT back to ACCEPT.
Is this the proper way to handle iptables? I'm sure I need to wait until
after connecting to set it up, but then I'm not sure about what to do after
disconnect. Is it a good idea to reset iptables right after disconnect?
Also, would it also be good to do an iptables reset at shutdown for cases
where I might shut down without disconnecting from my ISP, or does it even
matter that they are shut down?
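Added example, not part of the original post: an ip-down.d hook for the teardown described above. iptables -F, -X and -Z clear rules, user-defined chains and counters but leave chain policies unchanged, which is why loopback traffic to CUPS stayed blocked until the policies were set back to ACCEPT. The DRY_RUN and IPT variables and the function names are assumptions of this example, as is the reliance on Debian's /etc/ppp/ip-down exporting PPP_IFACE to its hook scripts.

```shell
#!/bin/sh
# Added example: teardown hook for /etc/ppp/ip-down.d (not firestarter's code).
# Only the filter table is handled, matching the commands in the post.

IPT="${IPT:-iptables}"     # assumption: iptables is on pppd's PATH
DRY_RUN="${DRY_RUN:-0}"    # 1 = print the commands instead of running them

run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

reset_firewall() {
    # Policies first: -F does not touch them, so a DROP policy left by the
    # ip-up script would otherwise keep dropping traffic to 127.0.0.1.
    for chain in INPUT OUTPUT FORWARD; do
        run "$IPT" -P "$chain" ACCEPT || return 1
    done
    # Then rules, user-defined chains and packet counters.
    run "$IPT" -F || return 1
    run "$IPT" -X || return 1
    run "$IPT" -Z || return 1
}

# Reads `iptables -S` output on stdin (lines such as "-P INPUT DROP") and
# prints every built-in chain whose policy is not ACCEPT.
blocking_policies() {
    awk '$1 == "-P" && $3 != "ACCEPT" { print $2 }'
}

if [ -n "${PPP_IFACE:-}" ]; then
    # Called by pppd: apply the reset, then confirm no restrictive policy is left.
    reset_firewall
    left=$("$IPT" -S | blocking_policies)
    [ -z "$left" ] || echo "policy still not ACCEPT on: $left" >&2
else
    # Run by hand: only show what would be executed.
    ( DRY_RUN=1; reset_firewall )
fi
```

Run by hand, the script prints the six commands in order; piping `iptables -S` into blocking_policies after a disconnect shows whether a leftover DROP policy is what is blocking localhost.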