Simple Firewall
Hi,
I'm learning about iptables as soon I'll be required to fill this role
at work.
At home I've been learning about firewalling with iptables.
For my home network I have this simple set of rules I'm wondering is OK
or needs improvement.
My LAN is one gateway box and one laptop - pretty simple.
Below you will see 4 sets of rules.
Do you think there satisfactory ?
I use eth0 on the LAN and ppp0 for web access.
I have my rules based on the device used instead of IP and use the
'state' argument quiet freely.
Thank you kindly - I very much appreciate your words and time.
Kind regards
Rudi.
# MASQUERADING / NAT RULES for LAN for my laptop to surf the web
# postrouting rule (NAT)
iptables --table nat --append POSTROUTING -o ppp+ -j MASQUERADE
# FORWARDING RULES for LAN -- for my laptop to surf the web
# forwading outbound
iptables --append FORWARD --in-interface eth0 --out-interface ppp0 -j ACCEPT
# forwarding inbound
# iptables --append FORWARD --in-interface ppp0 --out-interface eth0 -j ACCEPT
iptables --append FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
# INPUT and OUTPUT for LAN for my laptop to connect to the gateway box ( ssh,ftp,http etc )
iptables --append INPUT --in-interface eth0 -j ACCEPT
iptables --append OUTPUT --out-interface eth0 -j ACCEPT
# INPUT and OUTPUT for this BOX - so I can use things like wget from the gateway box.
iptables --append INPUT -m state --state RELATED,ESTABLISHED --in-interface
ppp0 -j ACCEPT
iptables --append OUTPUT --out-interface ppp0 -j ACCEPT
# enable ftp from this box
/sbin/insmod /lib/modules/2.4.18/kernel/net/ipv4/netfilter/ip_conntrack_ftp.o
Reply to: