Well, I have a list of things I'm covering in my scripts, which I have available at http://www.oneoddsock.com/resources/linuxrouter.html. I set up everything coming in to DROP in the PREROUTING chain consistent with the drop everything except what you want. I ensure DHCP works. I allow ESTABLISHED,RELATED connections. I ensure that packets coming in from outside don't have a source address from inside my network, and similarly that packets going outside don't have a source address from outside on the internet. After that, I allow inside to internet connections since I have 3 machines on the inside and can see them all :) so I trust them, and I open up a small set of ports and NAT them to the web server (1 of the 3 machines) such as for http, ftp, etc. An extra note is I have ICMP blocked from the outside, so you can't even ping any of the machines and you also don't get an ICMP packet back saying a connection was denied, just as if the box wasn't there. This helps reduce scans because your machine doesn't look like it even exists on the network...
HTH, Brent

----- Original Message -----
From: "Ted Gervais" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, June 02, 2002 7:36 AM
Subject: iptables and their use..

> I am looking at using iptables and have been reading. I have an understanding
> on how to set up some basic commands to make a firewall but what I have a
> problem with, is what do I filter?
>
> I don't know what is important (to me) to filter. I know we all need some
> sort of firewall to protect ourselves and systems against 'stuff' out there,
> but just what is that. I suppose one could start with making certain subnets
> available to myself and deny/reject all others, but I am not sure that is how
> to go about it..
>
> So - as a general rule, what does one do? What do people block and what do
> they accept??
>
> --
> Ted Gervais
> Coldbrook, Nova Scotia Canada.
> 1-902-679-2253
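As an added example (not Brent's script from the URL above, and not part of the original thread), here is a small iptables ruleset that implements the policy he lists: default drop, DHCP, ESTABLISHED/RELATED, anti-spoofing in both directions, trusted inside-to-Internet with masquerading, a few TCP ports forwarded to the web server, and ICMP from outside silently dropped. The interface names eth0/eth1, the 192.168.1.0/24 network, the 192.168.1.10 server address and the port list are assumptions for illustration. The default drop is done with the filter table's INPUT/FORWARD policies, and the script prints the commands for review instead of applying them unless told to, so it can be run safely on any box.

```shell
#!/bin/sh
# Added example, not the script from the message above: an iptables ruleset
# that follows the policy Brent describes. Interfaces, addresses and ports
# are assumptions (WAN=eth0, LAN=eth1, 192.168.1.0/24, web server .10).
WAN=${WAN:-eth0}                      # interface towards the ISP
LAN=${LAN:-eth1}                      # interface towards the inside machines
LAN_NET=${LAN_NET:-192.168.1.0/24}    # the trusted inside network
WEB=${WEB:-192.168.1.10}              # inside web/ftp server receiving the forwards
FWD_PORTS=${FWD_PORTS:-"80 21"}       # TCP ports published to the Internet

# Print one iptables command per line instead of running it, so the whole
# ruleset can be reviewed (or diffed) before it is applied.
rule() { printf 'iptables %s\n' "$*"; }

emit_rules() {
    # Start clean and default to dropping anything not explicitly allowed.
    rule -F
    rule -t nat -F
    rule -P INPUT DROP
    rule -P FORWARD DROP
    rule -P OUTPUT ACCEPT

    # Anti-spoofing: inside addresses must not arrive from the WAN, and only
    # inside addresses may leave through it (FORWARD sees the pre-NAT source).
    rule -A INPUT   -i "$WAN" -s "$LAN_NET" -j DROP
    rule -A FORWARD -i "$WAN" -s "$LAN_NET" -j DROP
    rule -A FORWARD -o "$WAN" ! -s "$LAN_NET" -j DROP

    # Loopback, then replies and related traffic (including ICMP errors) for
    # connections we already let through.
    rule -A INPUT -i lo -j ACCEPT
    rule -A INPUT   -m state --state ESTABLISHED,RELATED -j ACCEPT
    rule -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # DHCP: the router's own lease on the WAN side (server 67 -> client 68)
    # and requests from inside clients if the router hands out addresses.
    rule -A INPUT -i "$WAN" -p udp --sport 67 --dport 68 -j ACCEPT
    rule -A INPUT -i "$LAN" -p udp --sport 68 --dport 67 -j ACCEPT

    # The inside machines are trusted: they may talk to the router and out.
    rule -A INPUT   -i "$LAN" -s "$LAN_NET" -j ACCEPT
    rule -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -j ACCEPT
    rule -t nat -A POSTROUTING -o "$WAN" -s "$LAN_NET" -j MASQUERADE

    # Published services: DNAT in nat/PREROUTING plus a matching FORWARD
    # accept; without the second rule the forwarded packet hits the DROP policy.
    for p in $FWD_PORTS; do
        rule -t nat -A PREROUTING -i "$WAN" -p tcp --dport "$p" -j DNAT --to-destination "$WEB"
        rule -A FORWARD -i "$WAN" -o "$LAN" -p tcp -d "$WEB" --dport "$p" -m state --state NEW -j ACCEPT
    done

    # ICMP from outside is dropped (not rejected): no echo reply and no
    # unreachable message, so a scanner sees nothing at all.
    rule -A INPUT -i "$WAN" -p icmp -j DROP
}

# Run the generated commands for real (needs root and the iptables binary).
apply_rules() { emit_rules | sh -e; }

# sh fw.sh         -> print the ruleset for review
# sh fw.sh apply   -> install it
case "${1:-show}" in
    apply) apply_rules ;;
    *)     emit_rules ;;
esac
```

Rule order matters here: the anti-spoofing drops sit before the ESTABLISHED,RELATED accept so a spoofed packet cannot ride an existing connection, and the RELATED accept sits before the ICMP drop so error messages for the router's own connections still arrive while unsolicited pings from outside get nothing back.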
