Re: Firewall administering tool

To: debian-security@lists.debian.org
Subject: Re: Firewall administering tool
From: Andrew Hesford <ajh3@cec.wustl.edu>
Date: Sun, 14 Jan 2001 14:42:51 -0600
Message-id: <[🔎] 20010114144251.A286@cec.wustl.edu>
In-reply-to: <[🔎] 20010114083709.A15603@decoy.ath.cx>; from sena@decoy.ath.cx on Sun, Jan 14, 2001 at 08:37:09AM +0000
References: <[🔎] 20010114083709.A15603@decoy.ath.cx>

I use the Vim Firewall Generator" (TM). Using iptables and linux 2.4.0, I just type the rules by hand. Here are the rules I use:

iptables -N block
iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A block -m state --state NEW -i ! eth0 -j ACCEPT
iptables -A block -p tcp --dport 22 -j ACCEPT
iptables -A block -p udp --dport 22 -j ACCEPT
iptables -A block -j DROP

iptables -A INPUT -j block
iptables -A FORWARD -j block

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 22 -j DNAT --to 192.1
68.1.5
iptables -t nat -A PREROUTING -i eth0 -p udp --dport 22 -j DNAT --to 192.1
68.1.5
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

This masquerades my cable modem for any PC on 192.168.1.0/24, denies all incoming connections unless related to or established by an inside machine, and forwards SSH connections to an interior machine.
--

Reply to:

References:
- Firewall administering tool/whatever...
  - From: sena <sena@decoy.ath.cx>

Prev by Date: Re: port-scanning. advise?
Next by Date: Re: port-scanning. advise?
Previous by thread: Firewall administering tool/whatever...
Next by thread: Re: Firewall administering tool/whatever...
Index(es):
- Date
- Thread