----- Original Message ----- 
From: "Andrew Gaffney" <[EMAIL PROTECTED]>
To: "Gentoo User" <[EMAIL PROTECTED]>
Sent: Friday, August 29, 2003 12:47 PM
Subject: [gentoo-user] iptables help


> I'm trying to create a firewall using iptables. I want it to drop
> incoming packets except to ports 22, 25, and 80 unless the source
> address is 192.168.254.x. I'm asking before I do this because I'm
> accessing the computer remotely right now and I don't want to cut myself
> off from it. I'm thinking something like:
>
> iptables -A INPUT -s 192.168.254.0/24 -p all -j ACCEPT
> iptables -A INPUT -p tcp --dport 22 -j ACCEPT
> iptables -A INPUT -p tcp --dport 25 -j ACCEPT
> iptables -A INPUT -p tcp --dport 80 -j ACCEPT
> iptables -A INPUT -p all -j DROP
>
> -or-
>
> iptables -P INPUT DROP
> iptables -A INPUT -s 192.168.254.0/24 -p all -j ACCEPT
> iptables -A INPUT -p tcp --dport 22 -j ACCEPT
> iptables -A INPUT -p tcp --dport 25 -j ACCEPT
> iptables -A INPUT -p tcp --dport 80 -j ACCEPT
>
> Would either of these get me the desired results?


I'd be tempted to add a line of

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

That way any traffic you initiate from that box will be able to get back in.

As someone else mentioned, I'd use the option of setting the INPUT policy to
DROP but make sure to set that AFTER you've set up the other rules.

Andrew "frugal" Dacey
[EMAIL PROTECTED]
http://www.tildefrugal.net/
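As an added example (not code from either poster), here is a shell script that applies the second variant from the question in the order the reply recommends: the ESTABLISHED,RELATED rule and the accept rules first, the DROP policy last, with a dry-run hook and a timed fallback so a mistake made over SSH does not lock you out. Accepting loopback and using `-m state --state NEW` on the port rules are my additions, not something either message asked for.

```shell
#!/bin/sh
# Constructed example: build the INPUT chain from the question in a safe order.
# IPT can be overridden (e.g. IPT=fake_ipt) to dry-run without touching the kernel.
IPT="${IPT:-iptables}"
TRUSTED_NET="192.168.254.0/24"   # the LAN from the original question
OPEN_TCP_PORTS="22 25 80"        # ports the question wants reachable from anywhere

# Emit the rules in the order they must be applied. The default policy is
# emitted last so the chain never drops everything while it is half-built.
firewall_rules() {
    echo "-F INPUT"
    echo "-A INPUT -i lo -j ACCEPT"                               # assumption: keep loopback open
    echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT" # replies to our own traffic
    echo "-A INPUT -s $TRUSTED_NET -j ACCEPT"                     # trusted LAN, any protocol
    for p in $OPEN_TCP_PORTS; do
        echo "-A INPUT -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    echo "-P INPUT DROP"                                          # policy set AFTER the rules
}

# Run each emitted rule through $IPT (word splitting of $rule is intended).
apply_firewall() {
    firewall_rules | while read -r rule; do
        # shellcheck disable=SC2086
        "$IPT" $rule
    done
}

# Lock-out guard for remote use: after $1 seconds (default 300) the chain is
# reopened unless you kill the returned PID. The policy goes back to ACCEPT
# before the flush, so the chain is never empty with a DROP policy.
lockout_guard() {
    ( sleep "${1:-300}"; "$IPT" -P INPUT ACCEPT; "$IPT" -F INPUT ) &
    echo $!
}
```

Typical use over SSH: `GUARD=$(lockout_guard 300); apply_firewall`, then, once you have confirmed the session still works, `kill "$GUARD"`.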


--
[EMAIL PROTECTED] mailing list