You can do something like this:

    iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A FORWARD -s myinternalnetwork -j ACCEPT
    iptables -A FORWARD -p tcp --dport a-authorised-port -j ACCEPT
    iptables -A FORWARD -p tcp --dport an-other-authorised-port -j ACCEPT
    iptables -A FORWARD -j DROP        (or REJECT)

The "related" state permits modules like ip_conntrack_ftp to work.

Wacquiez Sébastien

Charlie Grosvenor wrote:
>
> Hi
> I have 5 static public IP addresses that I have assigned to each of my
> machines. I have a Debian machine which is the router and it has a ppp
> connection to the internet. This setup works fine, but I would like to add
> some security. I have blocked SMB traffic from coming in and out using
> iptables. Somebody alerted me to the fact that it was safer to enable certain
> ports and disable all others. Is it possible to block all incoming
> connections apart from the ones that I allow, allow all outgoing
> connections, and allow the packets that come back as a result of these
> connections? If so, how can I do so? Also, does anybody have an iptables script
> that does this? I do not want to use NAT.
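The following script is an added example that expands the rule sketch in the reply above; it is not code from either poster. It builds the FORWARD chain for a router that routes public addresses without NAT: default policy DROP, connection tracking for return traffic, new outbound connections from the inside, a short list of exposed inbound TCP ports, and a rate-limited LOG before the final DROP. The interface name ppp0, the address block 203.0.113.0/29 (an RFC 5737 documentation range) and the ports 22 and 80 are assumed placeholders, not values from the thread. By default the script only prints the iptables commands; set IPT=iptables (or IPT="sudo iptables") to apply them.

```shell
#!/bin/sh
# Added example (not from the original post): a stateful deny-by-default
# FORWARD policy for a router that forwards public IPs without NAT.
# Defaults are dry-run: commands are printed, not applied.  Run with
# IPT=iptables (or IPT="sudo iptables") to apply them for real.
#
# Assumed values (placeholders, not from the post):
#   WAN_IF            the ppp interface to the internet (ppp0 assumed)
#   LAN_NET           the routed public block behind the router
#                     (203.0.113.0/29 is an RFC 5737 documentation range)
#   ALLOWED_TCP_PORTS inbound TCP services you choose to expose
IPT="${IPT:-echo iptables}"
WAN_IF="${WAN_IF:-ppp0}"
LAN_NET="${LAN_NET:-203.0.113.0/29}"
ALLOWED_TCP_PORTS="${ALLOWED_TCP_PORTS:-22 80}"

build_forward_rules() {
    # Start from a clean chain whose policy drops anything no rule accepts,
    # so a forgotten rule fails closed rather than open.
    $IPT -P FORWARD DROP
    $IPT -F FORWARD

    # Packets conntrack cannot associate with any connection (bad TCP flag
    # combinations, out-of-window data) are dropped before they can match
    # a broader rule below.
    $IPT -A FORWARD -m state --state INVALID -j DROP

    # Replies to connections conntrack has already seen, plus RELATED ones
    # (ICMP errors, FTP data channels via ip_conntrack_ftp), pass in both
    # directions.  This is what lets outbound sessions get answers back.
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Inside hosts may open new connections outward.  Requiring that the
    # packet did NOT arrive on the WAN interface stops an outside host from
    # forging an internal source address to match this rule.
    $IPT -A FORWARD ! -i "$WAN_IF" -s "$LAN_NET" -m state --state NEW -j ACCEPT

    # Explicitly exposed services: new inbound TCP connections from the
    # internet, one rule per port.
    for port in $ALLOWED_TCP_PORTS; do
        $IPT -A FORWARD -i "$WAN_IF" -p tcp --dport "$port" \
            -m state --state NEW -j ACCEPT
    done

    # Log what is about to be dropped (rate-limited so a scan cannot flood
    # syslog), then drop.  Swap DROP for REJECT if you prefer immediate
    # connection failures for the sender over silent timeouts.
    $IPT -A FORWARD -m limit --limit 5/minute -j LOG --log-prefix "FWD-DROP: "
    $IPT -A FORWARD -j DROP
}

build_forward_rules
```

These rules only govern traffic passing through the router; the router's own services are filtered by the INPUT chain, which needs the same treatment (default DROP, accept ESTABLISHED,RELATED, then the few ports you expose). After applying, inspect the result with `iptables -L FORWARD -v -n` and check that the packet counters on the ESTABLISHED,RELATED rule climb while the final DROP rule stays quiet for legitimate traffic.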

