yuri wrote:
> Hi all,
>
> I'm makara, a student from Cambodia. I saw a lot of
> samples about iptables most of these samples not
> specific OUTPUT, and a little accept all OUTPUT by
> default. Could you tell me why? (I think OUTPUT is the
> most importance part. It protect the viruses send
> something from LAN to external). And hope you give me
> any idea from my firewall script if possible I hope
> you tell me what line I shouldn't use, why and what
> should I use. Thanks for advance. I'm new in Linux and
> sorry for my english. :(

If you're new to Linux, start with a higher level tool, like shorewall or one of the user-level firewalls. They generate the rules for you, and you are less likely to make silly scripting mistakes.

I think you and Ansgar are talking about different things: you're talking about the output chain, which is output from the firewall itself, and he's talking about forwarding traffic out from the LAN.

I think both need to be blocked. The firewall, because it's got no business initiating outgoing traffic (with certain exceptions like obtaining patches or NTP), and the clients, because they should be going via a proxy. I run a school network with about 400 nodes (excluding printers), and I would never allow the machines direct access to the Internet.

--
Paul
<http://paulgear.webhop.net>

--
Did you know? Email is not private and can be viewed by your ISP, the recipient's ISP, and possibly other parties. You can make sure your emails are private by using GNU Privacy Guard <http://www.gnupg.org> and an email plug-in like Enigmail <http://enigmail.mozdev.org>.
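The OUTPUT/FORWARD distinction drawn in the reply above, as an added example that is not part of the original message: a shell function that emits an iptables-restore ruleset with both chains defaulting to DROP. Interface names, the documentation-range addresses, the SSH rule and the choice of a separate proxy host on the LAN are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Every value below is an assumption; replace with real ones.
WAN_IF="${WAN_IF:-eth0}"              # Internet-facing interface
LAN_IF="${LAN_IF:-eth1}"              # LAN-facing interface
PROXY_IP="${PROXY_IP:-192.0.2.10}"    # proxy host on the LAN
DNS_IP="${DNS_IP:-198.51.100.53}"     # upstream resolver
NTP_IP="${NTP_IP:-198.51.100.123}"    # upstream NTP server
MIRROR_IP="${MIRROR_IP:-203.0.113.80}" # patch mirror used by the firewall

# Print a filter table in iptables-restore format.
# NAT, if the LAN needs it, lives in the nat table and is not shown.
build_ruleset() {
cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# INPUT: traffic addressed to the firewall itself
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN_IF -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# OUTPUT: traffic the firewall itself originates (DNS, NTP, patches only)
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o $WAN_IF -d $DNS_IP -p udp --dport 53 -j ACCEPT
-A OUTPUT -o $WAN_IF -d $NTP_IP -p udp --dport 123 -j ACCEPT
-A OUTPUT -o $WAN_IF -d $MIRROR_IP -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -j LOG --log-prefix "fw-out-drop: "
# FORWARD: traffic routed from the LAN; only the proxy may go out
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -s $PROXY_IP -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -s $PROXY_IP -d $DNS_IP -p udp --dport 53 -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -j LOG --log-prefix "lan-direct-drop: "
COMMIT
EOF
}

# Print the ruleset only when asked, so the file can also be sourced.
if [ "${1:-}" = "--print" ]; then
    build_ruleset
fi
```

Running the script with `--print` and piping the output to `iptables-restore --test` parses the ruleset without loading it; the two LOG rules record what each default DROP policy is about to discard.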