On Wednesday 03 July 2002 7:41 pm, Karina Gómez Salgado wrote:

> The rules I'm using are these:
> --------------------------------
>
> $IPTABLES -P INPUT DROP
> $IPTABLES -P OUTPUT DROP
> $IPTABLES -P FORWARD DROP
>
> $IPTABLES -A INPUT -s $UNIVERSE -d $UNIVERSE -j ACCEPT -v
>
> $IPTABLES -A OUTPUT -s $UNIVERSE -d $UNIVERSE -j ACCEPT -v
>
> $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -j ACCEPT -v
>
> $IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT -v

So, you're setting a default policy of DROP on INPUT, FORWARD and OUTPUT - very good.

Then, you're allowing absolutely everything in, from anywhere, you're allowing absolutely everything out, to anywhere, you're forwarding everything from the outside to the inside, and you're forwarding everything from the inside to the outside.

This is not a firewall, this is a complex way to plug the Internet into your network.

What do you want to allow, and what do you want to block? These rules are doing nothing for you.

Antony.
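
The point made in the reply above can be checked mechanically. The following is an added example, not part of the original thread: a small Python audit that reads iptables commands and reports every ACCEPT rule with no narrowing match. The values for `$UNIVERSE`, `$EXTIF` and `$INTIF` are assumptions (the thread never defines them; `0.0.0.0/0` follows the reply's reading of "anywhere"), and the last rule in the sample is constructed to show a rule that is not flagged.

```python
import shlex

ANY = {"0.0.0.0/0", "0/0"}  # address values that match every host
MATCHES = {"-s", "-d", "-i", "-o", "-p", "-m", "--dport", "--sport", "--state"}
TAKES_VALUE = MATCHES | {"-A", "-j"}
UNRESTRICTED = "accepts every packet"
IFACE_ONLY = "accepts every packet between two interfaces"

def audit(script, variables):
    """Return (policies, findings) for the iptables commands in script."""
    policies, findings = {}, []
    for line in script.splitlines():
        words = shlex.split(line, comments=True)
        if not words or words[0] not in ("$IPTABLES", "iptables"):
            continue
        # Expand $NAME with the caller-supplied (assumed) values.
        args = [variables.get(w[1:], w) if w.startswith("$") else w for w in words[1:]]
        if len(args) == 3 and args[0] == "-P":
            policies[args[1]] = args[2]
            continue
        opts, it = {}, iter(args)
        for w in it:
            opts[w] = next(it, None) if w in TAKES_VALUE else True
        if "-A" not in opts or opts.get("-j") != "ACCEPT":
            continue
        # A match narrows the rule unless it is -s/-d with an "any" address.
        narrowing = {k for k, v in opts.items()
                     if k in MATCHES and not (k in ("-s", "-d") and v in ANY)}
        if not narrowing:
            findings.append((opts["-A"], UNRESTRICTED))
        elif narrowing <= {"-i", "-o"}:
            findings.append((opts["-A"], IFACE_ONLY))
    return policies, findings

# The rules quoted in the thread, plus one constructed rule that should pass.
PAGE_RULES = """
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT DROP
$IPTABLES -P FORWARD DROP
$IPTABLES -A INPUT -s $UNIVERSE -d $UNIVERSE -j ACCEPT -v
$IPTABLES -A OUTPUT -s $UNIVERSE -d $UNIVERSE -j ACCEPT -v
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -j ACCEPT -v
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT -v
$IPTABLES -A INPUT -i $INTIF -p tcp --dport 22 -j ACCEPT   # constructed
"""
ASSUMED_VARS = {"UNIVERSE": "0.0.0.0/0", "EXTIF": "eth0", "INTIF": "eth1"}

if __name__ == "__main__":
    policies, findings = audit(PAGE_RULES, ASSUMED_VARS)
    for chain, problem in findings:
        print(f"{chain}: policy {policies.get(chain)}, but a rule {problem}")
```

Run against the quoted rules, it flags all four ACCEPT rules: every chain with a DROP policy also carries a rule that accepts everything the policy would have dropped.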
