On Sat, May 14, 2011 at 05:40:52PM -0700, Steve Edwards wrote:
On Sun, 15 May 2011, Hans Witvliet wrote:
It's a bit more complicated
after the last rules, it is handy to put:
$iptables -A INPUT -i $EXTERNAL_DEV -j LOG --log-prefix "EXT; INC"
iptables -A OUTPUT -o $EXTERNAL_DEV -j LOG
On 15/05/11 12:40 PM, Steve Edwards wrote:
Adding a couple of lines to root's crontab like:
# Min hour DOM month DOW command
# --
# */5 * * * * /etc/init.d/iptables stop
makes it easy to enable an 'iptables failsafe' (by un-commenting the last
line)
On 17/05/11 1:36 PM, Steve Edwards wrote:
On 15/05/11 12:40 PM, Steve Edwards wrote:
Adding a couple of lines to root's crontab like:
# Min hour DOM month DOW command
# --
# */5 * * * * /etc/init.d/iptables stop
makes it easy to enable an 'iptables
On Sat, May 14, 2011 at 7:51 PM, Bruce B bruceb...@gmail.com wrote:
Hi everyone,
I want to issue the command:
iptables -F
and then rebuild everything from the beginning with a very limited scope
and then without locking myself block all other traffic. Can you suggest
what I should put in
On Sat, 2011-05-14 at 19:51 -0400, Bruce B wrote:
Hi everyone,
I want to issue the command:
iptables -F
and then rebuild everything from the beginning with a very limited
scope and then without locking myself block all other traffic. Can you
suggest what I should put in the shell
On Sun, 15 May 2011, Hans Witvliet wrote:
It's a bit more complicated
after the last rules, it is handy to put:
$iptables -A INPUT -i $EXTERNAL_DEV -j LOG --log-prefix "EXT; INC"
iptables -A OUTPUT -o $EXTERNAL_DEV -j LOG --log-prefix "EXT; OUT"
iptables -A FORWARD -i $EXTERNAL_DEV -j
Thanks Hans.
So basically run the following commands:
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
service iptables save
iptables -F
Is that all right so far?
I am not sure on these:
iptables -A INPUT -i $EXTERNAL_DEV -j LOG --log-prefix "EXT; INC"
iptables -A
On 5/14/2011 7:51 PM, Bruce B wrote:
and then rebuild everything from the beginning with a very limited scope and
then without locking myself block all other traffic. Can you suggest what I
should put in the shell that would get me this:
you may want to start with:
On 5/14/2011 9:45 PM, Jeremy Kister wrote:
http://jeremy.kister.net/code/asterisk/iptables.init
oops, that's:
http://jeremy.kister.net/code/iptables/iptables.init
--
Jeremy Kister
http://jeremy.kister.net./
Shorewall is a useful way of setting up iptables
http://www.shorewall.net/
Cheers Duncan
On 15/05/2011, at 1:46 PM, Jeremy Kister wrote:
On 5/14/2011 9:45 PM, Jeremy Kister wrote:
http://jeremy.kister.net/code/asterisk/iptables.init
oops, that's:
Thanks Jeremy. But unfortunately no time to go over all this in detail.
Maybe in future. Also because as I repeatedly said I have OpenVPN setup so I
trust the VPN network there is no need for all this complication. Simply
allowing all traffic out and only allowing VPN traffic in from tun0 would do