uhh. maybe you should at least allow all localhost traffic:

    iptables -t filter -A INPUT -i lo -j ACCEPT

and some outgoing traffic such as HTTP, DNS and others:

    iptables -t filter -A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
    iptables -t filter -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT

also you can modify the rules in the /etc/sysconfig/iptables file, which is always a good starting point when setting up your own rules. also doing things the RedHat way, you can use the redhat-config-network tool to configure your firewall settings. i think. or was that some other tool (redhat-config-*).

Quoting Rafael 'Dido' Sevilla <[EMAIL PROTECTED]>:

> On Sat, Oct 18, 2003 at 11:42:06PM +0800, smart penguin wrote:
> > I would like to ask the help of everybody, i just installed 2day the
> > redhat9 without setting any firewall (i selected "NO FIREWALL")
> > because i was thinking of setting my own firewall rules. Any
> > suggestions and what is the most secured implementation from the
> > "iptables". And should suggest, since i am a newbie, i was hoping you
> > could include the command that i would be executing and what file/s i
> > would put that.
>
> Try these:
>
> iptables -t filter -P INPUT DROP
> iptables -t filter -P FORWARD DROP
> iptables -t filter -P OUTPUT DROP
>
> That will block *ALL* network traffic from entering, leaving, or passing
> through your server. ;) As in *EVERYTHING*. Sets the default policy for
> all your input chains to drop every packet that comes your way. Almost
> as good as totally unplugging your system from the network. Few ways to
> get more secure than that beyond turning off your server, pouring molten
> lead into it, and burying it in an unmarked grave on Mars. :p
>
> Seriously, what firewall rules you should be using depend on what
> exactly you're using your machine for. When you can tell us exactly
> what your machine is supposed to be doing, we can give you a more useful
> answer.
>
> --
> Philippine Linux Users' Group (PLUG) Mailing List
> [EMAIL PROTECTED] (#PLUG @ irc.free.net.ph)
> Official Website: http://plug.linux.org.ph
> Searchable Archives: http://marc.free.net.ph
> .
> To leave, go to http://lists.q-linux.com/mailman/listinfo/plug
> .
> Are you a Linux newbie? To join the newbie list, go to
> http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie
>

-----------------------------------------------
William Emmanuel S. Yu
Ateneo Campus Network Group (AteneoCNG)
email : wyu at ateneo dot edu
web   : http://CNG.ateneo.net/cng/wyu/
phone : +63(2)4266001-4186
GPG   : http://CNG.ateneo.net/cng/wyu/wyy.pgp
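
Added example, not part of the original thread or any poster's own rules: a shell sketch that combines the DROP policies and the allow rules discussed above into one ruleset in iptables-restore format, the format of /etc/sysconfig/iptables. The function names emit_ruleset and valid_port are illustrative, and the OUTPUT loopback rule and the INPUT ESTABLISHED,RELATED rule are additions assumed here so that loopback and reply traffic pass under the DROP policies.

```shell
#!/bin/sh
# Added example, not from the thread: emit a default-deny ruleset in
# iptables-restore format (the format of /etc/sysconfig/iptables).

# Succeeds only for a decimal port number in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# emit_ruleset "<tcp ports>" "<udp ports>"  (space-separated lists)
emit_ruleset() {
    # Validate everything first so a bad port never yields a partial file.
    for p in $1 $2; do
        valid_port "$p" || { echo "invalid port: $p" >&2; return 1; }
    done
    # Default policies from the thread: drop whatever no rule accepts.
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT DROP [0:0]'
    # Loopback needs a rule in both chains once OUTPUT also defaults to DROP.
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A OUTPUT -o lo -j ACCEPT'
    # Replies to connections this host opened; without this rule the answers
    # to the outbound HTTP and DNS traffic are dropped by the INPUT policy.
    # (-m state fits the 2003-era setup; newer iptables spells it
    # -m conntrack --ctstate.)
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    for p in $1; do
        echo "-A OUTPUT -p tcp -m tcp --dport $p -j ACCEPT"
    done
    for p in $2; do
        echo "-A OUTPUT -p udp -m udp --dport $p -j ACCEPT"
    done
    echo 'COMMIT'
}

# The two outbound ports used in the thread: HTTP over TCP, DNS over UDP.
emit_ruleset "80" "53"
```

The script only prints the ruleset; review the output, then load it as root with iptables-restore or save it as /etc/sysconfig/iptables.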
