
Thread: Iptables question

  1. #1
    Junior Member
    Join Date
    Oct 2002
    Posts
    4

    Iptables question

    Hello pps

    How secure would this be:

    $iptables -F
    $iptables -X

    $iptables -P INPUT DROP
    $iptables -P OUTPUT DROP
    $iptables -P FORWARD DROP


    If this is the only thing in my iptables script,
    is it possible to get any kind of connection to my computer? (without stopping iptables)

    I'd appreciate any thoughts on this.
    Te audire no possum. Musa sapientum fixa est in aure.

  2. #2
    That setup of yours literally drops any connection, even the connections originating from your own machine. However, having a default chain policy of DROP/REJECT is good, and after that you have to explicitly add rules that will permit connections from trusted machines (even your own machine). Hope that answers your question.

    with regards
    scorpion..

  3. #3
    Senior Member
    Join Date
    Jan 2002
    Posts
    452
    That doesn't just drop all connections...I'm reasonably sure that drops all packets. But with rules like that, why not just unplug the modem/ethernet card?
    Elen alcarin ar gwath halla ná engwar.

  4. #4
    Junior Member
    Join Date
    Oct 2002
    Posts
    4
    Originally posted here by thesecretfire
    That doesn't just drop all connections...I'm reasonably sure that drops all packets. But with rules like that, why not just unplug the modem/ethernet card?
    Would that script be just as secure as unplugging the network?
    Te audire no possum. Musa sapientum fixa est in aure.

  5. #5
    Senior Member problemchild's Avatar
    Join Date
    Jul 2002
    Posts
    551
    Pretty much. Nothing can make any connection to the machine from the WAN side or the LAN side, so I'd say it's pretty effectively off the network.

    If you want the machine to accept any connections and function as part of your network, you'll need to add some rules to permit those connections.
    Do what you want with the girl, but leave me alone!

  6. #6
    Senior Member
    Join Date
    Feb 2002
    Posts
    130
    Well, I suppose you can't really get much more secure than that, can you? Maybe a little impractical if you actually want to use the computer in a network. It's probably a good start to a script though: deny everything, then allow connections till your setup works.

  7. #7
    Junior Member
    Join Date
    Oct 2002
    Posts
    4
    Thanks for your help
    Te audire no possum. Musa sapientum fixa est in aure.
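
The approach the replies describe (default DROP policies, then explicit rules for what should be allowed), as an added example that is not part of the original thread. The function name `build_ruleset`, the trusted network and the SSH port are assumptions chosen for illustration; the output is in `iptables-restore` format so it can be reviewed before it is loaded.

```shell
#!/bin/sh
# Added example (not from the thread): default-deny filter table with a small allow list.
# build_ruleset, the trusted network and the port are hypothetical names/values.

# Print a ruleset in iptables-restore format on stdout.
#   $1 = trusted source network in CIDR form, e.g. 192.168.1.0/24 (constructed sample)
#   $2 = TCP port of the one service to expose to that network, e.g. 22
build_ruleset() {
    trusted_net=$1
    ssh_port=$2

    # Refuse malformed arguments instead of emitting a broken or surprising ruleset.
    case $trusted_net in
        ''|*[!0-9./]*) echo "bad network: $trusted_net" >&2; return 1 ;;
    esac
    case $ssh_port in
        ''|*[!0-9]*) echo "bad port: $ssh_port" >&2; return 1 ;;
    esac
    [ "$ssh_port" -ge 1 ] && [ "$ssh_port" -le 65535 ] || {
        echo "port out of range: $ssh_port" >&2; return 1;
    }

    # The three policies match the script in post #1; everything after them
    # is the explicit allow list the replies say has to be added.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s $trusted_net -p tcp --dport $ssh_port -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}
```

Piping the output to `iptables-restore --test` as root parses the ruleset without applying it; dropping `--test` loads it.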
