Hello. Why start from scratch?

Here is a link to a complete firewall script:
http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/adsl4linux/ADSL4Linux/ADSL4Linux/templates/firewall.iptables.devel?rev=HEAD&content-type=text/vnd.viewcvs-markup
I am using it and it is working well.

tim

-----Original Message-----
From: Ehren Wilson [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 06, 2001 5:40 PM
To: [email protected]
Subject: Problems with IP tables firewall (DNS and what the heck is this WinME box doing)

Hello,

I upgraded my kernel to 2.4.5 yesterday and decided to switch from using a very loose ipchains script that was really only for masquerading to a fairly tight iptables setup. As it stands, all my services are working but DNS, but DNS works when I query localhost or the internal 192 IP (since these are both basically wide open on their respective interfaces).

Here is what I currently have in my tcp_packets table for port 53.

---
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 53 -j allowed
---

and for UDP

---
$IPTABLES -A udpincoming_packets -p UDP -s 0/0 --source-port 53 -j ACCEPT
---

If anyone has a clue, please do lend it to me :)

My one other concern is that on my external interface one of the other machines (a WinMe box) is hitting the broadcast IP of the external network with UDP packets every few minutes, or seconds even, and causing my logchecks to be mostly garbage, but before I filter out the noise I was wondering if anyone had seen this before.

<snip>
Jun 6 08:07:20 twitch kernel: IPT INPUT packet died: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:xx:xx:xx:xx:xx:xx:xx:00 SRC=xx.xxx.xx.121 DST=xx.xxx.xx.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=6667 PROTO=UDP SPT=138 DPT=138 LEN=209
</snip>

My Linux box is xx.xxx.xx.120.

Oh well, thanks for any advice/help.

Ehren
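An added example for the two questions in Ehren's message; it is not his script, tim's, or the linked adsl4linux one. It assumes eth0 is the external interface and uses the documentation network 192.0.2.0/24 in place of the masked xx.xxx.xx addresses, so the broadcast address and the sample log lines are constructed. Two points it shows: first, DNS replies can be admitted with the 2.4 connection-tracking state match instead of a rule that accepts every UDP packet with source port 53, which an attacker can satisfy simply by sending from port 53; second, UDP 137/138 to the subnet broadcast is NetBIOS name/datagram traffic (Windows network browsing), and it can be dropped before the LOG rule, with a matching filter for lines already in the logs. By default the script prints the rules rather than loading them (IPTABLES=echo); run it as root with IPTABLES=/sbin/iptables to apply them.

```shell
#!/bin/sh
# Added example for the thread above; not the poster's script or the linked
# adsl4linux one. Dry-run by default: with IPTABLES=echo the rules are printed
# rather than loaded. Run as root with IPTABLES=/sbin/iptables to apply them.
IPTABLES=${IPTABLES:-echo}
EXT_IF=${EXT_IF:-eth0}               # assumed external interface
EXT_BCAST=${EXT_BCAST:-192.0.2.255}  # assumed broadcast address of the external subnet

# DNS for the box's own resolver, done with connection tracking (the ipt_state
# match, present on 2.4). Queries leave with dport 53; only replies that
# conntrack pairs with a query are let back in. A bare
# "-p UDP --source-port 53 -j ACCEPT" instead lets anyone reach any UDP port
# on the box just by sending from port 53.
dns_rules() {
    $IPTABLES -A OUTPUT -o "$EXT_IF" -p udp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
    $IPTABLES -A OUTPUT -o "$EXT_IF" -p tcp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
    $IPTABLES -A INPUT  -i "$EXT_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# UDP 137/138 at the subnet broadcast address is NetBIOS name/datagram
# traffic, i.e. the Windows network-browsing announcements the WinMe box
# sends. Append this before the LOG rule so logcheck stops seeing it. Only the
# broadcast address is matched, so NetBIOS probes aimed at the box itself are
# still logged.
netbios_noise_rules() {
    $IPTABLES -A INPUT -i "$EXT_IF" -p udp -d "$EXT_BCAST" --dport 137:138 -j DROP
}

# Classify one "IPT INPUT packet died:" log line. Returns 0 when it is UDP to
# port 137 or 138 at a .255 broadcast address (NetBIOS browser chatter), 1 otherwise.
is_netbios_broadcast() {
    line=$1
    proto=$(printf '%s\n' "$line" | sed -n 's/.* PROTO=\([A-Z0-9]*\).*/\1/p')
    dpt=$(printf '%s\n' "$line" | sed -n 's/.* DPT=\([0-9]*\).*/\1/p')
    dst=$(printf '%s\n' "$line" | sed -n 's/.* DST=\([0-9.]*\).*/\1/p')
    [ "$proto" = UDP ] || return 1
    case $dpt in 137|138) ;; *) return 1 ;; esac
    case $dst in *.255) return 0 ;; *) return 1 ;; esac
}

# Read log lines on stdin, print only those that are not NetBIOS broadcast noise.
# Useful as a pre-filter in front of logcheck for entries already on disk.
filter_noise() {
    while IFS= read -r l; do
        is_netbios_broadcast "$l" || printf '%s\n' "$l"
    done
}

# Constructed log lines in the format of the poster's LOG rule. Addresses and
# MACs are made up; 192.0.2.0/24 and 198.51.100.0/24 are documentation networks.
NOISE_LINE='Jun  6 08:07:20 twitch kernel: IPT INPUT packet died: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:22:33:44:55:08:00 SRC=192.0.2.121 DST=192.0.2.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=6667 PROTO=UDP SPT=138 DPT=138 LEN=209'
OTHER_LINE='Jun  6 08:09:01 twitch kernel: IPT INPUT packet died: IN=eth0 OUT= MAC=00:aa:bb:cc:dd:ee:00:11:22:33:44:55:08:00 SRC=198.51.100.7 DST=192.0.2.120 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=41231 PROTO=TCP SPT=4422 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0'

dns_rules
netbios_noise_rules
# Of the two constructed lines only the SSH probe survives the filter.
printf '%s\n' "$NOISE_LINE" "$OTHER_LINE" | filter_noise
```

The INPUT rule accepting ESTABLISHED,RELATED also covers replies for every other outbound connection, so with it in place the per-service "reply" rules such as the source-port-53 one become unnecessary; what remains on INPUT is the explicit list of services the box offers, followed by the LOG and DROP rules.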

