March 14th, 2005, 09:58 PM
#1
Code:
#!/bin/bash
iptables -F FORWARD
iptables -F INPUT
iptables -F OUTPUT
ok
Code:
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
Added the FORWARD chain just in case you activate routing by mistake.
Code:
#Let DNS traffic pass
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
This allows anything to go in/out through the loopback interface. So,
Code:
iptables -A INPUT -p udp --sport 53 -j ACCEPT
iptables -A INPUT -p tcp --sport 53 -j ACCEPT
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT
DNS can use TCP queries too. 
Code:
iptables -A INPUT -m multiport --dports 139,445,110 -p tcp -s 123.123.0.0/16 -j ACCEPT
# Replies leave this host towards the subnet, so OUTPUT must match on -d, not -s
iptables -A OUTPUT -m multiport --sports 139,445,110 -p tcp -d 123.123.0.0/16 -j ACCEPT
--sports and --dports are subparameters of -m multiport and must follow it.
Code:
iptables -A INPUT -m multiport --dports 25,80,22 -p tcp -j ACCEPT
iptables -A OUTPUT -m multiport --sports 25,80,22 -p tcp -j ACCEPT
same.
I don't like that approach. Try to use stateful inspection instead - take a look at the --state options.
Take a look at the tutorial from Oskar Andreasson that EG posted. It's nice. I used to use it in my iptables classes.
My site
FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
If I die before I sleep, I pray the Lord my soul to encrypt. If I die before I wake, I pray the Lord my soul to brake.
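The stateful version the reply recommends, as an added example that is not part of the original post: the same policy as the script above, with every per-port "reply" rule replaced by one ESTABLISHED,RELATED rule per chain. The subnet is the placeholder from the original script; rules are generated by a function and printed with IPT=echo by default so they can be reviewed, and applied as root with IPT=iptables.

```shell
#!/bin/sh
# Added example, not the original script. IPT=echo prints the rules for review;
# IPT=iptables applies them (requires root).
IPT="${IPT:-echo}"
LAN="123.123.0.0/16"   # placeholder subnet taken from the original script

fw_rules() {
    # Flush and default-deny on all three chains, FORWARD included.
    $IPT -F INPUT; $IPT -F OUTPUT; $IPT -F FORWARD
    $IPT -P INPUT DROP; $IPT -P OUTPUT DROP; $IPT -P FORWARD DROP

    # Loopback.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT

    # Drop packets that belong to no known connection (bad flags, stray ACKs).
    $IPT -A INPUT -m state --state INVALID -j DROP

    # One stateful rule per chain replaces every --sports "reply" rule:
    # only packets of a connection we already accepted get through.
    $IPT -A INPUT  -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # New outbound DNS, UDP and TCP. Replies are covered above, so there is
    # no INPUT --sport 53 rule, which would admit anything sent from port 53.
    $IPT -A OUTPUT -p udp --dport 53 -m state --state NEW -j ACCEPT
    $IPT -A OUTPUT -p tcp --dport 53 -m state --state NEW -j ACCEPT

    # New inbound SMB/POP3 from the LAN only; --dports must follow -m multiport.
    $IPT -A INPUT -p tcp -s "$LAN" -m multiport --dports 139,445,110 \
        -m state --state NEW -j ACCEPT

    # New inbound SMTP, HTTP and SSH from anywhere.
    $IPT -A INPUT -p tcp -m multiport --dports 25,80,22 -m state --state NEW -j ACCEPT
}

fw_rules
```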