
Re: sloooow firewall SOLVED



What I have denied now is incoming connections that have state "NEW". Everything seems to work (apt, etc.), although I imagine this can be improved. After dinner I'll start reading about iptables, I promise :-)
Thanks to everyone

These are the rules with which it seems to run well (like lightning, hehehe)


# Generated by iptables-save v1.2.11 on Wed May 25 21:25:35 2005
*nat
:PREROUTING ACCEPT [2:1137]
:POSTROUTING ACCEPT [2:396]
:OUTPUT ACCEPT [2:396]
COMMIT
# Completed on Wed May 25 21:25:35 2005
# Generated by iptables-save v1.2.11 on Wed May 25 21:25:35 2005
*mangle
:PREROUTING ACCEPT [10:1576]
:INPUT ACCEPT [9:1524]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [10:3044]
:POSTROUTING ACCEPT [10:3044]
COMMIT
# Completed on Wed May 25 21:25:35 2005
# Generated by iptables-save v1.2.11 on Wed May 25 21:25:35 2005
*filter
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# apache
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# apache udp
-A INPUT -p udp -m udp --dport 80 -j ACCEPT
# webmin tcp
-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
# webmin udp
-A INPUT -p udp -m udp --dport 10000 -j ACCEPT
# deny
-A INPUT -m state -d 192.168.0.20 --state NEW -j DROP
COMMIT
# Completed on Wed May 25 21:25:35 2005
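
Added example, not part of the original post: a simplified Python model of first-match evaluation over the INPUT rules above. It shows why apt keeps working (reply packets are ESTABLISHED, so they skip the DROP and reach the ACCEPT policy) while unsolicited NEW connections to other ports are dropped. The packets and their conntrack states are constructed, and only the options used in these rules are parsed.

```python
import shlex

# The five INPUT rules and the chain policy, copied from the post above.
RULES = """\
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p udp -m udp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
-A INPUT -p udp -m udp --dport 10000 -j ACCEPT
-A INPUT -m state -d 192.168.0.20 --state NEW -j DROP
"""
POLICY = "ACCEPT"  # from ":INPUT ACCEPT [0:0]"

def parse_rule(line):
    """Parse one iptables-save line into {option: value} (options used above only)."""
    tokens, rule = shlex.split(line), {}
    for opt, val in zip(tokens[0::2], tokens[1::2]):
        if opt in ("-p", "-d", "--dport", "--state", "-j"):
            rule[opt.lstrip("-")] = val
        elif opt not in ("-A", "-m"):
            raise ValueError(f"unsupported option {opt!r}")
    return rule

PARSED = [parse_rule(line) for line in RULES.splitlines()]

def matches(rule, pkt):
    """True when every criterion present in the rule matches the packet."""
    return (rule.get("p", pkt["proto"]) == pkt["proto"]
            and rule.get("d", pkt["dst"]) == pkt["dst"]
            and int(rule.get("dport", pkt["dport"])) == pkt["dport"]
            and pkt["state"] in rule.get("state", pkt["state"]).split(","))

def verdict(proto, dst, dport, state):
    """First matching rule decides; otherwise the chain policy applies."""
    pkt = {"proto": proto, "dst": dst, "dport": dport, "state": state}
    for rule in PARSED:
        if matches(rule, pkt):
            return rule["j"]
    return POLICY

if __name__ == "__main__":
    # Constructed packets; the conntrack state is supplied, not computed.
    samples = [
        ("tcp", "192.168.0.20", 80, "NEW"),             # web request
        ("tcp", "192.168.0.20", 22, "NEW"),             # unsolicited connection
        ("tcp", "192.168.0.20", 40000, "ESTABLISHED"),  # reply to an apt download
        ("tcp", "192.168.0.20", 22, "INVALID"),         # not NEW, reaches the policy
    ]
    for s in samples:
        print(s, "->", verdict(*s))
```

The last sample shows that the DROP rule covers only NEW packets addressed to 192.168.0.20; anything else is decided by the ACCEPT policy.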


