Some pointers that you may consider for a host-based firewall (not
necessarily using iptables):

From your email:
1) Allow incoming ssh connections (port 22 only) from your trusted ips -
you may want to consider logging all connections to this port.
2) Allow incoming http connections (port 80 only) for all

In addition:
1) Allow outgoing dns queries
2) Allow outgoing ntp queries
3) Block icmp broadcast
4) Allow ping probes (to and from your machine)
5) Allow outgoing tcp/udp connections on ephemeral port range (depending
on your needs)
6) You may want to block multicast packets if you are not using them
anyway
7) Block everything that doesn't fall under the rules above

You may also want to consider fine-tuning some kernel network settings
in /proc/sys/net/ipv4

rowel


On Fri, 26 Apr 2002 [EMAIL PROTECTED] wrote:

> Let me re-phrase the question: Can you recommend a script to setup
> iptables-firewall for a networked machine? (i.e. co-located machines where
> you only allow incoming HTTP traffic and SSH sessions from trusted IPs)
>
> -----Original Message-----
> From: Ian C. Sison [mailto:[EMAIL PROTECTED]]
> Sent: Friday, April 26, 2002 12:29 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [plug] Recommended iptables script
>
>
> Standalone, as in non-networked?  What for?  Your computer is as secure as
> it can get!
>
>
> On Fri, 26 Apr 2002 [EMAIL PROTECTED] wrote:
>
> > Hi,
> >
> > Can you recommend a script to setup iptables-firewall for standalone
> > machines?
>

_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]

To subscribe to the Linux Newbies' List: send "subscribe" in the body to 
[EMAIL PROTECTED]
