Re: Re[2]: simple iptables rules

To: debian-firewall@lists.debian.org
Subject: Re: Re[2]: simple iptables rules
From: Tarragon Allen <tarragon@onthe.net.au>
Date: Thu, 9 Oct 2003 17:02:04 +1000
Message-id: <[🔎] 200310091702.04104.tarragon@onthe.net.au>
In-reply-to: <[🔎] 1496684112.20031009083354@hagenaars.nu>
References: <[🔎] 200310082038.53894.rlem6983@mail.usyd.edu.au> <[🔎] 200310091133.53024.tarragon@onthe.net.au> <[🔎] 1496684112.20031009083354@hagenaars.nu>

On Thursday 09 October 2003 16:33, Léon Hagenaars wrote:
> Thursday, October 9, 2003, 3:33:53 AM, Tarragon Allen wrote:
>
> TA> On Thursday 09 October 2003 01:09, Tiago Fernandes wrote:
> >> hi,
> >>
> >> i thing that this should do the trick, for you
> >>
> >> iptables -F
> >> iptables -P INPUT DROP
> >> iptables -A INPUT -s 192.168.1.0/24 -j ACCEPT
> >> iptables -A INPUT -i "ppp0 or -s external_ip" -m state --state
> >> ESTABLISHED,RELATED -j ACCEPT
> >>
> >> all packages related with sended packages should be accepted.
>
> TA> You might need to add this as well :
>
> TA> iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
>
> TA> t
> TA> --
> TA> GPG: http://n12turbo.com/tarragon/public.key
>
> I don't think te "iptables -A OUTPUT" line is needed, as the default policy
> is ACCEPT and I don't see anything has changed in the OUTPUT of iptables.

Will iptables keep state on outgoing connections without you implicitly 
telling it to though?

t
-- 
GPG: http://n12turbo.com/tarragon/public.key

Reply to:

Follow-Ups:
- Re: simple iptables rules
  - From: Tiago Fernandes <l13614@alunos.uevora.pt>

References:
- simple iptables rules
  - From: Renai <rlem6983@mail.usyd.edu.au>
- Re: simple iptables rules
  - From: Tarragon Allen <tarragon@onthe.net.au>
- Re[2]: simple iptables rules
  - From: Léon Hagenaars <leon@hagenaars.nu>

Prev by Date: Re: ICMP drop.
Next by Date: Re: ICMP drop.
Previous by thread: Re[2]: simple iptables rules
Next by thread: Re: simple iptables rules
Index(es):
- Date
- Thread