On Friday, October 10, 2003, at 04:50 PM, Brian Horncastle wrote:
Hi,
I wrote an IPTables script. It seems to work fine when the default policies
are set as follows:
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
This obviously isn't the most secure way of doing things. I would like to
have the default policies set like this instead:
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
As soon as I do this it breaks the rest of my script and nothing works
properly. Could anyone enlighten me on how I can keep the default policy
drops and keep my script functional?
Also, I would really appreciate any suggestions on more elegant ways of doing things with iptables. Any suggestions would be great.
Thank you very much,
Brian H.
Some comments / questions, neither of which I imagine will solve your problem:
1) What distro are you using?
If RH or a derivative, run this iptables script and then run iptables-save > /etc/sysconfig/iptables to save it. That way, when you start your machine and /etc/rc.d/init.d/iptables start is run, the rules you have will work. I would remove the aliases from this script and put them where they belong, /etc/sysconfig/networking-scripts.
2) By "break your script", what do you mean? The script doesn't work, or your networking doesn't work?
I will look over the script to see what you are doing and see what I can suggest to clean it up.
-- 
Nathanael Noblet
Gnat Solutions
4604 Monterey Ave NW
Calgary, AB T3B 5K4
T/F 403.288.5360 C 403.809.5368
http://www.gnat.ca/
