Question about ipchains
Hi all,
I have a computer with potato that is a gateway for my intranet. It has a real IP, while the intranet has 192.168.1.x IPs.
Several services are running on it but I'd like only ssh, ntp and https to be available to the outside world.
So, I thought these ipchains rules could help:
Chain input (policy REJECT):
target prot opt source destination ports
# accept everything from localhost
ACCEPT all ------ 127.0.0.1 0.0.0.0/0 n/a
# reply ping packets
ACCEPT icmp ------ 0.0.0.0/0 0.0.0.0/0 * -> *
# next 2 lines: accept tcp/udp all ports for internal network
ACCEPT tcp ------ 192.168.1.0/24 0.0.0.0/0 * -> *
ACCEPT udp ------ 192.168.1.0/24 0.0.0.0/0 * -> *
# allow ssh from outside
ACCEPT tcp ------ 0.0.0.0/0 0.0.0.0/0 * -> 22
# allow ntp from outside
ACCEPT udp ------ 0.0.0.0/0 0.0.0.0/0 * -> 123
# allow https from outside
ACCEPT tcp ------ 0.0.0.0/0 0.0.0.0/0 * -> 443
# does not accept outside connections to postgres
REJECT tcp ------ 0.0.0.0/0 0.0.0.0/0 * -> 5432
# I didn't understand why, but someone told me to put these next 2 lines in to accept response packets. What is this???
ACCEPT tcp ------ 0.0.0.0/0 0.0.0.0/0 * -> 1024:65535
ACCEPT udp ------ 0.0.0.0/0 0.0.0.0/0 * -> 1024:65535
Chain forward (policy MASQ):
Chain output (policy ACCEPT):
Do you think that is a safe configuration for ipchains to protect the computer from the outside world? Why do I need the last 2 lines of the input chain?
Thanks in advance
Pedro
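As an added illustration (not part of Pedro's post), a small Python model of the input chain above with first-match semantics like ipchains: it shows why the two 1024:65535 rules are needed for reply traffic, that rule order is what keeps 5432 closed, and a hardened variant that applies ipchains' `! -y` (match only non-SYN packets) to the TCP high-port rule. The outside address 203.0.113.5 and the port 8080 used in the checks are constructed.

```python
"""Stateless first-match model of the ipchains input chain in the post.
Added example, not from the post. ipchains keeps no connection state, so
replies to connections the gateway opens itself arrive at an ephemeral
destination port and must be allowed explicitly. Addresses are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp", "udp" or "icmp"
    src: str
    dst_port: int = 0
    syn: bool = False   # TCP SYN-only packet, i.e. a new connection attempt

# (target, proto, source network, dst-port range or None, SYN match)
# SYN match models ipchains "-y" / "! -y": None = any packet, False = "! -y".
RULES = [
    ("ACCEPT", "all",  "127.0.0.1/32",   None,          None),
    ("ACCEPT", "icmp", "0.0.0.0/0",      None,          None),
    ("ACCEPT", "tcp",  "192.168.1.0/24", None,          None),
    ("ACCEPT", "udp",  "192.168.1.0/24", None,          None),
    ("ACCEPT", "tcp",  "0.0.0.0/0",      (22, 22),      None),
    ("ACCEPT", "udp",  "0.0.0.0/0",      (123, 123),    None),
    ("ACCEPT", "tcp",  "0.0.0.0/0",      (443, 443),    None),
    ("REJECT", "tcp",  "0.0.0.0/0",      (5432, 5432),  None),
    ("ACCEPT", "tcp",  "0.0.0.0/0",      (1024, 65535), None),
    ("ACCEPT", "udp",  "0.0.0.0/0",      (1024, 65535), None),
]
POLICY = "REJECT"

def verdict(pkt, rules=RULES, policy=POLICY):
    """First matching rule decides, as in ipchains; otherwise the chain policy."""
    for target, proto, net, ports, syn in rules:
        if proto != "all" and proto != pkt.proto:
            continue
        if ip_address(pkt.src) not in ip_network(net):
            continue
        if ports and not ports[0] <= pkt.dst_port <= ports[1]:
            continue
        if syn is not None and syn != pkt.syn:
            continue
        return target
    return policy

def without_high_port_rules():
    """The chain with the two puzzling high-port rules removed."""
    return [r for r in RULES if r[3] != (1024, 65535)]

def hardened():
    """TCP high-port rule limited to non-SYN packets (ipchains '! -y')."""
    return [(t, p, n, po, False if p == "tcp" and po == (1024, 65535) else s)
            for t, p, n, po, s in RULES]
```

The UDP high-port rule has no SYN equivalent, which is why a stateless filter like ipchains cannot narrow it in the same way.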