I'd suggest the second option, but be sure to change the policy to DROP
_after_ you've set up rules to allow you access.

-Jason Martin

On Fri, 29 Aug 2003, Andrew Gaffney wrote:
> I'm trying to create a firewall using iptables. I want it to drop
> incoming packets except to ports 22, 25, and 80 unless the source
> address is 192.168.254.x. I'm asking before I do this because I'm
> accessing the computer remotely right now and I don't want to cut myself
> off from it. I'm thinking something like:
>
> iptables -A INPUT -s 192.168.254.0/24 -p all -j ACCEPT
> iptables -A INPUT -p tcp --dport 22 -j ACCEPT
> iptables -A INPUT -p tcp --dport 25 -j ACCEPT
> iptables -A INPUT -p tcp --dport 80 -j ACCEPT
> iptables -A INPUT -p all -j DROP
>
> -or-
>
> iptables -P INPUT DROP
> iptables -A INPUT -s 192.168.254.0/24 -p all -j ACCEPT
> iptables -A INPUT -p tcp --dport 22 -j ACCEPT
> iptables -A INPUT -p tcp --dport 25 -j ACCEPT
> iptables -A INPUT -p tcp --dport 80 -j ACCEPT
>
> Would either of these get me the desired results?
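An added example, not part of the original thread: a small first-match model of the INPUT chain that replays the commands from the question one at a time and reports after which steps a remote SSH session would be dropped. The admin address 203.0.113.10 is constructed, the starting state (policy ACCEPT, no rules) is an assumption, and only the options used in the thread are parsed.

```python
import ipaddress
import shlex

def parse(cmd):
    """Parse the iptables subset used in the thread (-P, -A with -s/-p/--dport/-j)."""
    tok = shlex.split(cmd)[1:]                  # drop the leading "iptables"
    if tok[0] == "-P":
        return {"op": "policy", "target": tok[2]}
    opts = dict(zip(tok[2::2], tok[3::2]))      # after "-A INPUT" options come in pairs
    return {"op": "append",
            "src": ipaddress.ip_network(opts["-s"]) if "-s" in opts else None,
            "proto": opts.get("-p", "all"),
            "dport": int(opts["--dport"]) if "--dport" in opts else None,
            "target": opts["-j"]}

def verdict(policy, rules, pkt):
    """First matching rule decides; the chain policy applies when nothing matches."""
    for r in rules:
        if r["src"] and ipaddress.ip_address(pkt["src"]) not in r["src"]:
            continue
        if r["proto"] not in ("all", pkt["proto"]):
            continue
        if r["dport"] is not None and r["dport"] != pkt["dport"]:
            continue
        return r["target"]
    return policy

def lockout_steps(commands, pkt):
    """Return the 1-based command numbers after which pkt is no longer accepted."""
    policy, rules, dropped = "ACCEPT", [], []   # assumed starting state of the chain
    for step, cmd in enumerate(commands, 1):
        c = parse(cmd)
        if c["op"] == "policy":
            policy = c["target"]
        else:
            rules.append(c)
        if verdict(policy, rules, pkt) != "ACCEPT":
            dropped.append(step)
    return dropped

ALLOW = ["iptables -A INPUT -s 192.168.254.0/24 -p all -j ACCEPT",
         "iptables -A INPUT -p tcp --dport 22 -j ACCEPT",
         "iptables -A INPUT -p tcp --dport 25 -j ACCEPT",
         "iptables -A INPUT -p tcp --dport 80 -j ACCEPT"]
POLICY = "iptables -P INPUT DROP"
AS_POSTED = [POLICY] + ALLOW        # second option, in the order typed in the question
POLICY_LAST = ALLOW + [POLICY]      # same rules, policy changed after the ACCEPTs

ADMIN_SSH = {"src": "203.0.113.10", "proto": "tcp", "dport": 22}   # constructed packet

if __name__ == "__main__":
    print("as posted  :", lockout_steps(AS_POSTED, ADMIN_SSH))
    print("policy last:", lockout_steps(POLICY_LAST, ADMIN_SSH))
```

A non-empty list for the as-posted order means the session carrying the commands is cut before the port 22 rule exists; with the policy changed last the list is empty and the end state is the same.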
