Re: Basic rules for IPTABLES protection

From: Patrick Benson
Date: 11/25/02

    Date: Mon, 25 Nov 2002 22:35:45 +0100

    Erick Arturo Perez Huemer wrote:
    > I am about to install a RedHat 8.0 box with iptables to act as our
    > firewall for our internal network that consists of 20 machines.
    > Besides doing a -j drop on our external interface when it receives a packet
    > with source equal to our internal network, what other measures do we have
    > to take?
    > We do host an SMTP server but nothing else. I have read about blocking
    > 10.x.x.x addresses but also read that "some" routers/sites use those
    > addresses. Any anti-DoS rules? More settings?
    > Or maybe a link to a site that offers suggestions for proper firewall
    > configurations...
    > Thanks in advance,
    > Erick.

    Why not take a look at Tom Eastep's Shorewall:

    Excellent documentation available, along with the author's reliable
    support on the mailing lists which cover anything having to do with
    configuring an iptables/firewall box like yours.

    Best regards,

    Patrick Benson
    Stockholm, Sweden
