[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: IPTables configuration.

maybe stupid question, but what role of this host, with a such iptables configuration it is? It is a host firewalling a network behind, or it is a standalone machine in Internet?

Also maybe "-v" commandline option could be helpfull. Just first rule, as we can see here:
Chain INPUT (policy DROP)
target     prot opt source               destination
DROP       tcp  --  anywhere   
will successfuly block all tcp traffic to local loopback (lo device), also from your own machine. Are you sure, you want/need this? ;-)

But with "-v" option we will see, that rules are binded to some network devices. So if your rule will be like this:
target     prot opt source     in       out          destination
DROP       tcp  --  anywhere   eth0     -  
it will mean, that anyone, who will be sending packets to you from external network with destination address of loopback device will be stopped by your firewall. And your service (squid in default installation, for example), trusting to local machine won't be compromised. ;-)

So try:
# iptables -n -v -L -t filter
# iptables -n -v -L -t nat

I hope, this help.


Tore Nilsson wrote:

Can someone review my iptables configuration and give suggestions?
Btw. if I'd want to block someone completely using this configuration
should I put them in "Parole" by using this command:

iptables -A PAROLE -s [ip-number] -j DROP

//Tore Nilsson

here's my configuration. btw, it was made with Bastille:

Chain INPUT (policy DROP)
target     prot opt source               destination
DROP       tcp  --  anywhere   
ACCEPT     all  --  anywhere             anywhere           state


Reply to: