Re: Iptable + ftp + ssh
On Tue, Jul 24, 2001 at 03:24:28AM +0200, Régis Gaidot wrote:
> Hello everyone,
Hi,
try something like this:
#!/bin/sh
# Default policy: drop whatever no rule below accepts explicitly.
echo "Setting up policy"
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
echo "flush everything"
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
# Create the user chain before flushing it: on the first run it does not
# exist yet and "-F block" would fail (the -N error on later runs is harmless).
iptables -N block 2>/dev/null
iptables -F block
echo
echo "All interfaces:"
echo " Accept anything on loopback"
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
echo " Accept all outgoing connections"
iptables -A OUTPUT -j ACCEPT
echo " Icmp rules"
iptables -A INPUT -p icmp -j ACCEPT
echo " Accept some connections"
# Accepts every TCP packet that has no SYN flag, whatever its connection state.
# The ESTABLISHED,RELATED rule in the block chain already lets replies in, so
# this rule only widens what gets through (an ACK scan passes it, for example).
iptables -A INPUT -i eth0 -p tcp ! --syn -j ACCEPT
# The block chain: replies to our own connections get in, new connections get
# in from any interface except eth0, everything else is logged and dropped.
iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A block -m state --state NEW ! -i eth0 -j ACCEPT
iptables -A block -j LOG --log-prefix "block: "
iptables -A block -j DROP
echo " Accept all dns responses"
# These match on the source port alone, so anything sent from port 53 gets in,
# not only DNS replies (which the ESTABLISHED rule above already accepts).
iptables -A INPUT -i eth0 -p tcp --sport 53 -j ACCEPT
iptables -A INPUT -i eth0 -p udp --sport 53 -j ACCEPT
echo " Accept incoming and outgoing ssh"
iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
echo " Accept smtp transactions"
iptables -A INPUT -i eth0 -p tcp --dport 25 -j ACCEPT
echo " Accept igmp transactions"
iptables -A INPUT -i eth0 -p igmp -j ACCEPT
echo " Block and log all others"
# The LOG rule sits inside the block chain, just before its final DROP: a LOG
# appended to INPUT after this jump would never be reached, since block ends
# every packet's processing.
iptables -A INPUT -j block
There you go.
--
Igor Genibel -- http://www.genibel.org -- http://people.debian.org/~igenibel
Debian: igenibel@debian.org Tuxfamily: igor@tuxfamily.org
Freedom For Everyone
07:44:44 up 5 days, 29 min, 9 users, load average: 0.03, 0.03, 0.03
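The script in the post, as written, flushes the block chain before creating it, accepts on source port 53 alone, accepts any non-SYN TCP packet without a state match, and appends its LOG rule after a jump to a chain that drops everything, where it can never fire. The following is an added example, not code from the original post or its author: a small Python lint that parses iptables invocations of that shape and reports those four problems. The sample input is the posted script reproduced inline (constructed from the message above), and the check names (flush-before-create, unreachable, source-port-trust, stateless-ack-accept) are labels this example made up. It only understands plain "iptables -A/-N/-F ... -j TARGET" lines, not the whole iptables option set.

```python
"""Static lint for iptables shell scripts of the kind posted above.
Added example, not code from the original post; it parses plain
'iptables -A/-N/-F ... -j TARGET' lines only."""
import shlex

BUILTIN = {"INPUT", "OUTPUT", "FORWARD"}
TERMINAL = {"DROP", "ACCEPT", "REJECT"}      # targets that end rule processing
NARROWER = ("-m", "-s", "--dport")           # anything tighter than a source port

# Sample input: the script from the post, reproduced inline (constructed
# from the message above, bugs included; line numbers below refer to it).
POSTED_SCRIPT = """\
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -F block
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -i eth0 -p tcp ! --syn -j ACCEPT
iptables -N block
iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A block -m state --state NEW -i ! eth0 -j ACCEPT
iptables -A block -j DROP
iptables -A INPUT -i eth0 -p tcp --sport 53 -j ACCEPT
iptables -A INPUT -i eth0 -p udp --sport 53 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -i eth0 -p igmp -j ACCEPT
iptables -A INPUT -j block
iptables -A INPUT -j LOG
"""


def invocations(script):
    """Yield (line_no, argv) for each line that calls iptables."""
    for n, raw in enumerate(script.splitlines(), 1):
        line = raw.strip()
        if line.startswith("iptables "):
            yield n, shlex.split(line)[1:]


def rule_of(argv):
    """For an '-A chain ... -j target' line return (chain, target, matches);
    matches is every other token, so an empty list means 'matches all'."""
    if "-A" not in argv or "-j" not in argv:
        return None
    a, j = argv.index("-A"), argv.index("-j")
    matches = [t for i, t in enumerate(argv) if i not in (a, a + 1, j, j + 1)]
    return argv[a + 1], argv[j + 1], matches


def lint(script):
    """Return [(check, line_no, message)] sorted by line number."""
    findings, created, chains = [], set(), {}
    for n, argv in invocations(script):
        if argv[0] == "-N":
            created.add(argv[1])
        elif argv[0] == "-F" and len(argv) > 1 and argv[1] not in BUILTIN | created:
            findings.append(("flush-before-create", n,
                             f"-F {argv[1]} runs before -N {argv[1]}: fails on first run"))
        rule = rule_of(argv)
        if rule is None:
            continue
        chain, target, matches = rule
        chains.setdefault(chain, []).append((n, target, matches))
        if target == "ACCEPT" and "--sport" in matches \
                and not any(t in matches for t in NARROWER):
            findings.append(("source-port-trust", n,
                             "ACCEPT keyed on source port only: any sender can pick that port"))
        if target == "ACCEPT" and "!" in matches and "--syn" in matches \
                and "-m" not in matches:
            findings.append(("stateless-ack-accept", n,
                             "ACCEPT of every non-SYN TCP packet without a state match"))

    def always_terminates(chain, seen=()):
        """True when the chain's last rule matches every packet and ends processing."""
        rules = chains.get(chain, [])
        if not rules or chain in seen:
            return False
        _, target, matches = rules[-1]
        return not matches and (target in TERMINAL
                                or always_terminates(target, seen + (chain,)))

    for chain, rules in chains.items():
        dead = False
        for n, target, matches in rules:
            if dead:
                findings.append(("unreachable", n,
                                 f"rule in {chain} follows a rule that ends processing for every packet"))
            elif not matches and (target in TERMINAL or always_terminates(target)):
                dead = True
    return sorted(findings, key=lambda f: f[1])


def lines_by_check(script):
    """Map each check name to the line numbers it fired on."""
    out = {}
    for check, n, _ in lint(script):
        out.setdefault(check, []).append(n)
    return out


if __name__ == "__main__":
    for check, n, msg in lint(POSTED_SCRIPT):
        print(f"line {n}: {check}: {msg}")
```

Run it on the posted script and it reports line 7 (flush before create), line 12 (stateless non-SYN accept), lines 17 and 18 (source-port trust) and line 23 (the LOG that never matches). Moving the LOG into the block chain ahead of its DROP and creating the chain before flushing it clears the first and last findings; the two source-port rules and the non-SYN rule are design choices the lint can only point at.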