Re: iptables et woody
"wilfried" <lambalais.wilfried@wanadoo.fr> writes:
> if I run /etc/init.d/iptables start I get the following message:
> "Aborting iptables load: unknown ruleset, "active"
/etc/init.d/iptables
without an argument gives you an explanatory message. Basically, you
have to build your ruleset with iptables commands, then run
/etc/init.d/iptables save active.
For a personal machine, a useful set of rules is given in the packet
filtering HOWTO:
5. Rusty's Really Quick Guide To Packet Filtering
Most people just have a single PPP connection to the Internet, and
don't want anyone coming back into their network, or the firewall:
## Insert connection-tracking modules (not needed if built into kernel).
# insmod ip_conntrack
# insmod ip_conntrack_ftp
## Create chain which blocks new connections, except if coming from inside.
# iptables -N block
# iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
# iptables -A block -m state --state NEW -i ! ppp0 -j ACCEPT
# iptables -A block -j DROP
## Jump to that chain from INPUT and FORWARD chains.
# iptables -A INPUT -j block
# iptables -A FORWARD -j block
--
Matthieu
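The HOWTO snippet above, put together as a re-runnable script that builds the "block" chain and then saves it under the name the woody init script expects. This is an added example, not code from the original mail or from the HOWTO: the function names, the IPTABLES/MODPROBE/INITSCRIPT variables (there so the script can be dry-run with "echo" without root) and the EXT_IF default are assumptions. It uses the current "! -i" negation syntax rather than the older "-i !" form shown in the HOWTO, and tries the modern nf_conntrack module name before the old ip_conntrack one.

```shell
#!/bin/sh
# Constructed example: build Rusty's "block" chain for one external
# interface, then save the active ruleset for the Debian init script.
# Override the command variables (e.g. IPTABLES=echo) to dry-run as a
# normal user and inspect exactly what would be executed.
IPTABLES="${IPTABLES:-iptables}"
MODPROBE="${MODPROBE:-modprobe}"
INITSCRIPT="${INITSCRIPT:-/etc/init.d/iptables}"
EXT_IF="${EXT_IF:-ppp0}"

# Load connection tracking; harmless if it is built into the kernel.
# Module names are an assumption: nf_conntrack on current kernels,
# ip_conntrack on kernels of the woody era.
load_conntrack_modules() {
    $MODPROBE nf_conntrack 2>/dev/null || $MODPROBE ip_conntrack 2>/dev/null || true
    $MODPROBE nf_conntrack_ftp 2>/dev/null || $MODPROBE ip_conntrack_ftp 2>/dev/null || true
}

# Create (or flush, if it already exists) the "block" chain and hook it
# into INPUT and FORWARD.  Argument: the Internet-facing interface.
build_block_chain() {
    ext_if="${1:-$EXT_IF}"
    # -N fails if the chain exists; flushing it instead keeps the script idempotent.
    $IPTABLES -N block 2>/dev/null || $IPTABLES -F block
    # Replies to connections we started, plus related ones (FTP data, ICMP errors).
    $IPTABLES -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
    # New connections are fine only if they did NOT arrive on the external interface.
    $IPTABLES -A block -m state --state NEW ! -i "$ext_if" -j ACCEPT
    # Anything else, i.e. new connections from the Internet, is dropped.
    $IPTABLES -A block -j DROP
    # Apply the chain to traffic for this host and to traffic we forward.
    $IPTABLES -A INPUT -j block
    $IPTABLES -A FORWARD -j block
}

# Persist the running rules as the "active" ruleset so that
# /etc/init.d/iptables start stops complaining about an unknown ruleset.
save_ruleset() {
    $INITSCRIPT save active
}

# Only act when explicitly asked, so sourcing the file changes nothing.
if [ "${1:-}" = "apply" ]; then
    load_conntrack_modules
    build_block_chain "$EXT_IF"
    save_ruleset
fi
```

Run it as root with "sh firewall.sh apply" to load and save the rules, or as "IPTABLES=echo INITSCRIPT=echo sh firewall.sh apply" first to see the exact command lines it would issue. Since the chain is a single choke point, the dry-run output is also a convenient place to check that the DROP rule is last and that only the expected interface is exempted.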