Newbie: very basic iptables rules

From: Bob Simon (bsimon_at_xtne.net)
Date: 03/29/04

    Date: Sun, 28 Mar 2004 18:20:27 -0600
    
    

    eth0 is outside and eth1 is inside. Are the following rules
    sufficient to protect my firewall itself?

    iptables -P INPUT DROP
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A INPUT -m state --state NEW -i eth1 -j ACCEPT

     

    --
    Bob Simon
    remove x from domain for private replies
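
An added example, not part of the original post: a simplified first-match model of the three INPUT rules above, run over constructed sample packets to show which rule decides each one. The `Packet` class, the `input_verdict` function and the sample packets are assumptions made for illustration; the `state` field stands in for the connection-tracking state that `-m state` matches on.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    in_iface: str   # interface the packet arrived on (-i)
    state: str      # NEW, ESTABLISHED, RELATED or INVALID
    note: str = ""  # free-text label for the constructed sample

# (states matched, required input interface or None for any, target)
RULES = [
    ({"ESTABLISHED", "RELATED"}, None, "ACCEPT"),  # rule 1: --state ESTABLISHED,RELATED
    ({"NEW"}, "eth1", "ACCEPT"),                   # rule 2: --state NEW -i eth1
]
POLICY = "DROP"                                    # iptables -P INPUT DROP

def input_verdict(pkt):
    """Return (target, rule_number); rule_number 0 means the chain policy decided."""
    for number, (states, iface, target) in enumerate(RULES, start=1):
        if pkt.state in states and (iface is None or pkt.in_iface == iface):
            return target, number   # first matching rule wins
    return POLICY, 0

# Constructed sample packets, all addressed to the firewall host itself.
SAMPLES = [
    Packet("eth0", "NEW", "unsolicited connection attempt from outside"),
    Packet("eth0", "ESTABLISHED", "reply to a connection the firewall opened"),
    Packet("eth0", "RELATED", "ICMP error tied to an existing connection"),
    Packet("eth1", "NEW", "inside host connecting to the firewall"),
    Packet("eth1", "INVALID", "packet conntrack cannot classify"),
    Packet("lo", "NEW", "local process connecting to 127.0.0.1"),
]

def evaluate(samples=SAMPLES):
    """Return [(packet, target, rule_number)] for every sample."""
    return [(p, *input_verdict(p)) for p in samples]

if __name__ == "__main__":
    for pkt, target, rule in evaluate():
        decided = f"rule {rule}" if rule else "policy"
        print(f"{pkt.in_iface:5} {pkt.state:12} {target:7} ({decided})  {pkt.note}")
```

In this model the last sample falls through to the DROP policy, because none of the three rules matches new connections arriving on `lo`.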
    
