Re: Help w/ Iptable Rules

To: debian-user@lists.debian.org
Subject: Re: Help w/ Iptable Rules
From: Vineet Kumar <debian-user@virtual.doorstop.net>
Date: Fri, 20 Jun 2003 10:42:44 -0700
Message-id: <[🔎] 20030620174244.GB28679@doorstop.net>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 14579.151.198.194.252.1056123448.squirrel@webmail.nac.net>
References: <[🔎] 14579.151.198.194.252.1056123448.squirrel@webmail.nac.net>

* fbrian@nac.net (fbrian@nac.net) [030620 09:49]:
> Hi
> 
> I need help w/ simple iptables rules.
> 
> Needs:
> 	to only allow ssh packets in and they would be over an
> 	ethernet interface.
> 
> 	allow all outbound traffic

iptables -P INPUT DROP
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset
iptables -A INPUT -p udp -j REJECT --reject-with ucmp-port-unreachable
iptables -A INPUT -j REJECT --reject-with icmp-proto-unreachable

iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

Note, this also allows ICMP traffic.  I believe this is a Good Thing.
Also, start with a clean slate (meaning flush all of your tables and
delete any user-defined tables you may have already created), before you
do this.

good times,
Vineet
-- 
http://www.doorstop.net/
-- 
I am mortified to be told that, in the United States of America, the sale of a
book can become a subject of inquiry, and of criminal inquiry too.
						-- President Thomas Jefferson

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- Help w/ Iptable Rules
  - From: <fbrian@nac.net>

Prev by Date: Re: An advice for VPN
Next by Date: exporting /var/spool/mail/user as mailbox
Previous by thread: Re: Help w/ Iptable Rules
Next by thread: Re: Help w/ Iptable Rules
Index(es):
- Date
- Thread