> Yes, nice and easy does it, although the man pages can sometimes be
> cryptic to newbies like me.
i'm afraid the man pages are oftentimes the best reference you have. but here's a packet filtering howto for iptables

http://www.netfilter.org/documentation/HOWTO//packet-filtering-HOWTO.html

here's a simple iptables script to get you started (i hope the comments i put in are clear enough):

    #!/bin/sh

    # flush all rules
    iptables -F

    # accept all connections from the local interface, all protocols
    iptables -A INPUT -i lo -p all -j ACCEPT
    iptables -A OUTPUT -o lo -p all -j ACCEPT

    # accept all established connections
    # you probably have some background on TCP/IP
    iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

    #all of this should be in one line
    #some email clients automatically format text
    #last words should be : --reject-with tcp-reset
    iptables -A INPUT -p tcp --tcp-option ! 2 -j REJECT --reject-with tcp-reset

    #open http port
    iptables -A INPUT -s 192.168.1.0/24 -p tcp -i eth0 --dport 80 -j ACCEPT

    #allow ssh connections
    iptables -A INPUT -s 192.168.1.0/24 -p tcp -i eth0 --dport 22 -j ACCEPT

    # add other things you want here

    #drop all other connections
    iptables -P INPUT DROP

note that the rules here check only the packets coming from the INPUT chain and do not care about the packets going out of your unit.

ramil

--
Philippine Linux Users' Group (PLUG) Mailing List
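
The same rules as the script above, emitted in iptables-restore format so that the DROP policy and all rules load in one atomic commit instead of being built up command by command after the flush. This is an added example, not part of the original post; `gen_ruleset` and `valid_port` are hypothetical helper names, and leaving FORWARD and OUTPUT at ACCEPT is an assumption.

```shell
#!/bin/sh
# Added example: the thread's rules in iptables-restore format.
# Usage (as root): gen_ruleset 192.168.1.0/24 eth0 "80 22" | iptables-restore
# (iptables-restore --test parses the rules without committing them)

# valid_port PORT: succeed only for an integer in 1..65535
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# gen_ruleset LAN_CIDR IFACE "PORT ..." (hypothetical helper)
# Prints the ruleset; prints nothing and returns 1 on bad input, so a
# malformed argument cannot smuggle extra rule lines into the output.
gen_ruleset() {
    lan=$1 iface=$2 ports=$3
    case "$lan" in            # IPv4 CIDR shape check only
        *[!0-9./]*|*/*/*) return 1 ;;
        [0-9]*.[0-9]*.[0-9]*.[0-9]*/[0-9]*) ;;
        *) return 1 ;;
    esac
    case "$iface" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    case "$ports" in
        ''|*[!0-9\ ]*) return 1 ;;
    esac
    for p in $ports; do valid_port "$p" || return 1; done

    # The DROP policy and every rule up to COMMIT are applied in one step.
    # FORWARD and OUTPUT stay ACCEPT (assumption: the kernel default, which
    # the original script leaves untouched).
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' \
        ':FORWARD ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' '-A OUTPUT -o lo -j ACCEPT' \
        "-A INPUT -i $iface -m state --state ESTABLISHED,RELATED -j ACCEPT" \
        '-A INPUT -p tcp ! --tcp-option 2 -j REJECT --reject-with tcp-reset'
    for p in $ports; do
        printf '%s\n' "-A INPUT -s $lan -i $iface -p tcp --dport $p -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}
```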
