Re: firewall for a client



Hi,

You can use a simple firewall script using iptables. The script looks
like this:

$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD DROP
$IPTABLES -P OUTPUT ACCEPT

$IPTABLES -A OUTPUT -p tcp -s $MYIP -d 0/0 -j ACCEPT
$IPTABLES -A INPUT -p tcp -d $MYIP -s 0/0 -m state --state ESTABLISHED,RELATED -j ACCEPT


$IPTABLES -A INPUT -p tcp -d $MYIP -s 0/0 -j LOG --log-prefix "INPUT FIREWALL"


This little script allows you to connect to the internet and denies every
connection from the internet to your computer except all downloads you
have started.

The first three lines define the standard policy for each table. The
next two lines allow all outgoing and related incoming connections. The
last line writes all attempts to connect to a logfile.

Hope this will help you.

Michael.

Víctor A. Ramos wrote:
| Hi there!
|
| I write this e-mail because I'd like to build a firewall on my Debian
| system, using iptables.
| My computer is an Internet client, and doesn't offer any service or
| server to the Internet (no ssh, no smtp... anything), so the 'policy'
| should be: reject all input connections and external pings... and allow
| all connections from my PC to the Internet.
|
| I've been looking at and studying a lot of manuals and how-to's, but all of
| them are intended for a Debian system working as a router for a LAN :-/
|
| Would anyone like to tell me where I can get some information about my
| requirements?
|
| Thanks a lot


--
Michael Tschach				Büromat IT Systeme GmbH
Softwareentwicklung			Newtonstrasse 12
Tel: +49 375 8109 0			08060 Zwickau
Fax: +49 375 8109 256
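An added example, not part of either message: a shell function that audits iptables-save output against the client-only policy discussed in this thread (default-drop INPUT and FORWARD, replies accepted by connection state, nothing accepted unsolicited). The sample dumps are constructed, 192.0.2.10 stands in for $MYIP, and the function names and finding labels are hypothetical.

```sh
# Added example, not from the thread. Reads iptables-save output on stdin,
# prints one finding per line; returns 0 if clean. Live use: iptables-save | audit_client_ruleset
audit_client_ruleset() {
    awk '
    /^\*/ { table = substr($1, 2); next }          # "*filter", "*nat", ...
    table != "filter" { next }
    $1 == ":INPUT"   { in_pol  = $2 }
    $1 == ":FORWARD" { fwd_pol = $2 }
    $1 == "-A" && $2 == "INPUT" && /-j ACCEPT/ {
        if ($0 ~ /-i lo( |$)/) { lo = 1; next }    # loopback accept is expected
        if ($0 ~ /state [A-Z,]*ESTABLISHED/ && $0 !~ /state [A-Z,]*NEW/) {
            if ($0 ~ / -p /) est_proto = 1; else est_any = 1
            next
        }
        print "OPEN: accepts unsolicited inbound: " $0; bad++
    }
    END {
        if (in_pol != "DROP")  { print "POLICY: INPUT default is " in_pol; bad++ }
        if (fwd_pol != "DROP") { print "POLICY: FORWARD default is " fwd_pol; bad++ }
        if (!lo) { print "LOOPBACK: no accept rule for -i lo"; bad++ }
        if (!est_any && est_proto) { print "PROTO: replies accepted for one protocol only"; bad++ }
        if (!est_any && !est_proto) { print "STATE: no ESTABLISHED,RELATED accept rule"; bad++ }
        exit (bad > 0)
    }'
}

# Constructed sample: the thread's rules as iptables-save would list them.
sample_thread_ruleset() { cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -d 192.0.2.10/32 -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -d 192.0.2.10/32 -p tcp -j LOG --log-prefix "INPUT FIREWALL"
COMMIT
EOF
}

# Constructed sample: same policy with loopback and protocol-independent state matching.
sample_hardened_ruleset() { cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}
```

On the thread's sample it reports LOOPBACK and PROTO: with a default-drop INPUT chain, traffic arriving on lo and replies that are not TCP (DNS answers over UDP, ICMP errors) match no accept rule.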


