What I have denied now is incoming connections that have the state
"NEW"; everything seems to work (apt, etc.), although I imagine this can be
improved. After dinner I'll start reading about iptables, I promise :-)
Thanks to everyone
These are the rules with which it seems to work well (like lightning,
hehehe)
# Generated by iptables-save v1.2.11 on Wed May 25 21:25:35 2005
*nat
:PREROUTING ACCEPT [2:1137]
:POSTROUTING ACCEPT [2:396]
:OUTPUT ACCEPT [2:396]
COMMIT
# Completed on Wed May 25 21:25:35 2005
# Generated by iptables-save v1.2.11 on Wed May 25 21:25:35 2005
*mangle
:PREROUTING ACCEPT [10:1576]
:INPUT ACCEPT [9:1524]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [10:3044]
:POSTROUTING ACCEPT [10:3044]
COMMIT
# Completed on Wed May 25 21:25:35 2005
# Generated by iptables-save v1.2.11 on Wed May 25 21:25:35 2005
*filter
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# apache
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# apache udp
-A INPUT -p udp -m udp --dport 80 -j ACCEPT
# webmin tcp
-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
# webmin udp
-A INPUT -p udp -m udp --dport 10000 -j ACCEPT
# deny
-A INPUT -m state -d 192.168.0.20 --state NEW -j DROP
COMMIT
# Completed on Wed May 25 21:25:35 2005
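As an added example (not part of the original message): a small Python sketch that replays the filter table above against constructed packets, to show which inbound traffic the rules accept or drop under first-match evaluation. The function names and sample packets are assumptions made for the illustration, and the sketch models only the match options used in this ruleset.

```python
import shlex

# The filter table from the message above, with its comments dropped.
RULESET = """\
*filter
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p udp -m udp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
-A INPUT -p udp -m udp --dport 10000 -j ACCEPT
-A INPUT -m state -d 192.168.0.20 --state NEW -j DROP
COMMIT
"""

# iptables-save options this sketch understands, mapped to packet fields.
FIELDS = {"-p": "proto", "--dport": "dport", "-d": "dst", "--state": "state"}

def parse(text):
    """Return (policies, rules); each rule is (chain, matches, target)."""
    policies, rules = {}, []
    for line in text.splitlines():
        tok = shlex.split(line)
        if line.startswith(":"):            # chain declaration with its policy
            policies[tok[0][1:]] = tok[1]
        elif line.startswith("-A"):         # every option here takes one value
            opts = dict(zip(tok[2::2], tok[3::2]))
            matches = {FIELDS[k]: v for k, v in opts.items() if k in FIELDS}
            rules.append((tok[1], matches, opts["-j"]))
    return policies, rules

def verdict(policies, rules, p, chain="INPUT"):
    """First matching rule wins; otherwise the chain policy applies."""
    for c, m, target in rules:
        if c == chain and all(str(p[f]) in v.split(",") for f, v in m.items()):
            return target
    return policies[chain]

def packet(proto, dport, dst, state):
    return {"proto": proto, "dport": dport, "dst": dst, "state": state}

POLICIES, RULES = parse(RULESET)

if __name__ == "__main__":
    # Constructed sample packets: same port and state, different destination.
    for p in (packet("tcp", 22, "192.168.0.20", "NEW"), packet("tcp", 22, "127.0.0.1", "NEW")):
        print(p, "->", verdict(POLICIES, RULES, p))
```

Because the INPUT policy is ACCEPT and the only DROP rule is tied to `-d 192.168.0.20`, a NEW packet addressed to any other local address (loopback in the sample) falls through to the policy and is accepted.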