Re: How to work with my iptables script

To: debian-firewall@lists.debian.org
Subject: Re: How to work with my iptables script
From: Tom Geissler <Tom@d7031.de>
Date: Wed, 25 Aug 2004 22:01:04 +0200
Message-id: <[🔎] 20040825200104.GA1049@d7031.de>
Reply-to: Tom Geissler <Tom@d7031.de>
In-reply-to: <[🔎] 20040825124019.D19930@planetcobalt.net>
References: <[🔎] 412C2C07.4020806@list.idg.dk> <[🔎] 20040825124019.D19930@planetcobalt.net>

* Ansgar -59cobalt- Wiechers <lists@planetcobalt.net> [25-08-04 12:40]:
> On 2004-08-25 Jacob Friis Larsen wrote:
> > ...
> > # STATE RELATED for router
> > iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> 
> I would rather add a rule to accept ESTABLISHED,RELATED traffic in the
> OUTPUT chain and set the default OUTPUT policy to DROP.
> 
> You should also allow ICMP (at least some types) and REJECT TCP traffic
> (with RST) rather than just DROP it. IMHO.

Allow ICMP-Types 0, 3, 4, 8, 11 ,12 and REJECT also UDP traffic with
'port-unreachable'

-- 
Tom

Reply to:

Follow-Ups:
- Re: How to work with my iptables script
  - From: Jacob Friis Larsen <jfl@list.idg.dk>

References:
- How to work with my iptables script
  - From: Jacob Friis Larsen <jfl@list.idg.dk>
- Re: How to work with my iptables script
  - From: Ansgar -59cobalt- Wiechers <lists@planetcobalt.net>

Prev by Date: Re: Bad ulogd timestamp in logs {FOLLOWUP]
Next by Date: Re: All these open ports
Previous by thread: Re: How to work with my iptables script
Next by thread: Re: How to work with my iptables script
Index(es):
- Date
- Thread