Re: iptables+dialup
On January 11, 2003 12:29 pm, the fabulous Debian User wrote:
> Can someone point me to some docs for where to put the iptables firewall
> scripts for a dialup account. I am running testing/unstable w/2.4.18-686.
> This has to be activated (iptables) with each new dialup? Or does
> iptables refresh the ip? Sorry for all the ?'s but am new to iptables.
I believe that the simplest way is to just put a script in the
/etc/ppp/ip-up.d/ directory. Here's a script that I've used in a few places:
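#!/bin/sh
# Runs on every connect, so clear old INPUT rules before appending again.
iptables -F INPUT
# Default policies: drop inbound and forwarded traffic, allow outbound.
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
# Allow incoming ssh on the dialup interface, and all loopback traffic.
iptables -A INPUT -i ppp0 -p tcp -m tcp --dport 22 -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
# ICMP: 12 parameter problem, 11 time exceeded, 4 source quench,
# 3 destination unreachable, 8 echo request.
iptables -A INPUT -p icmp -m icmp --icmp-type 12 -j ACCEPT
iptables -A INPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT
iptables -A INPUT -p icmp -m icmp --icmp-type 4 -j ACCEPT
iptables -A INPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT
iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
# Allow replies to connections this machine opened.
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Log whatever falls through to the DROP policy.
iptables -A INPUT -j LOG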
This is designed for a client that is directly connected to the Internet but
is not doing any masquerading for other clients, simply a standalone machine.
It allows incoming ssh so that I can do remote admin. I'd appreciate
comments on the above ruleset since I'm deploying it on all my family members
as I convert them to Linux ;-)
Fraser
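
Added example, not part of the original post: the same INPUT policy written as an /etc/ppp/ip-up.d/ hook that loads the whole filter table in one iptables-restore call, so repeated dialups replace the ruleset instead of stacking duplicate rules. It assumes pppd's ip-up wrapper exports PPP_IFACE (as Debian's does); the function name build_rules, the LOG rate limit and the log prefix are choices made for this example.

```shell
#!/bin/sh
# Added example: ip-up.d hook that reloads the ruleset on every connect.
# Assumption: the ip-up wrapper exports PPP_IFACE (e.g. ppp0).

# Print the ruleset in iptables-restore format for one interface.
build_rules() {
    iface=$1
    # Refuse empty or odd interface names before they reach the ruleset.
    case $iface in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT'
    # Incoming ssh only on the dialup interface.
    echo "-A INPUT -i $iface -p tcp -m tcp --dport 22 -j ACCEPT"
    # Same ICMP types the posted script accepts.
    for t in 3 4 8 11 12; do
        echo "-A INPUT -p icmp -m icmp --icmp-type $t -j ACCEPT"
    done
    # Rate-limited LOG (an addition in this example) so a scan cannot flood syslog.
    echo '-A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT drop: "'
    echo 'COMMIT'
}

# Only act when started by pppd. iptables-restore flushes and replaces the
# filter table in a single commit, so any other filter rules are removed too.
if [ -n "${PPP_IFACE:-}" ]; then
    rules=$(build_rules "$PPP_IFACE") || exit 1
    printf '%s\n' "$rules" | iptables-restore
fi
```

Running `iptables -S INPUT` after two consecutive connects should list each rule exactly once.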