From: Tony Earnshaw <tonni@billy.demon.nl>
To: Oskar Andreasson <blueflux@koffein.net>
Cc: netfilter@lists.samba.org, maltec@tiscali.dk
Subject: Re: Fw: iptables - if you can find the time, I am stuck
Date: 14 Jun 2002 14:57:51 +0200
Message-ID: <1024059471.1625.73.camel@billy.demon.nl>
In-Reply-To: <009a01c21381$97f2dce0$6501a8c0@multisofteducation.com>
Fri, 2002-06-14 at 10:58, Oskar Andreasson wrote:
> Sorry to say, but I am simply too swamped to even read through this.
> CC maltec@tiscali.dk since he is not on the list.
>> I appreciated your iptables tutorial.
Using Oskar's rc.firewall and rulesets as a guide:
From the Internet: INPUT -> tcp_packets -> allowed
Your rules are:
#
# TCP rules
#
$IPTABLES -A tcp_packets -p TCP -s 0/0 -j LOG --log-prefix "IPT tcp_packets :"
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 22 -j allowed
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 25 -j allowed
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 80 -j allowed
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 113 -j allowed
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 1810 -j allowed
But you say:
"I wish to allow ports 80, 8888, 8080, ssh, dcc from outside",
So, allow them then. You've already loaded ip_conntrack, so more
shouldn't be necessary.
Further, you say:
"(I wish to allow) almost anything coming IN from 192.168.1.2-10"
You don't allow -m state --state NEW packets out from your LAN (you
allow established etc. packets back in, but you don't allow new
connections out).
Oskar writes:
$IPTABLES -A INPUT -p ALL -i $LAN_IFACE -s $LAN_IP_RANGE -j ACCEPT
I.e., accept new connections out.
This is just to be getting on with.
Best,
Tony
--
Tony Earnshaw
e-post: tonni@billy.demon.nl
www: http://www.billy.demon.nl
gpg public key: http://www.billy.demon.nl/tonni.armor
Telefoon: (+31) (0)172 530428
Mobiel: (+31) (0)6 51153356
GPG Fingerprint = 3924 6BF8 A755 DE1A 4AD6 FA2B F7D7 6051 3BE7 B981
3BE7B981
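Added example (not part of the message above and not taken from Oskar's rc.firewall): a shell check that reads rc.firewall-style lines and reports which wanted ports the tcp_packets chain does not yet hand to "allowed", and which open ports were never asked for. The function names and the embedded sample are constructed for illustration; the wanted list is 80, 8888, 8080 and ssh (22) from the message, with DCC left out because the message gives no port number for it.

```shell
# Constructed sample input: the tcp_packets rules quoted in the message.
sample_rules() {
cat <<'EOF'
$IPTABLES -A tcp_packets -p TCP -s 0/0 -j LOG --log-prefix "IPT tcp_packets :"
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 22 -j allowed
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 25 -j allowed
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 80 -j allowed
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 113 -j allowed
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 1810 -j allowed
EOF
}

# allowed_ports CHAIN TARGET < rules
# Print each --dport that CHAIN jumps to TARGET for, one per line.
# Comment lines and rules without --dport (such as the LOG rule) are skipped.
allowed_ports() {
    awk -v chain="$1" -v target="$2" '
        /^[ \t]*#/ { next }
        {
            c = ""; p = ""; j = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-A") c = $(i + 1)
                else if ($i == "--dport") p = $(i + 1)
                else if ($i == "-j") j = $(i + 1)
            }
            if (c == chain && j == target && p != "") print p
        }'
}

# list_diff "A" "B": print the words of A that do not occur in B.
list_diff() {
    out=""
    for p in $1; do
        case " $2 " in
            *" $p "*) ;;
            *) out="$out${out:+ }$p" ;;
        esac
    done
    printf '%s\n' "$out"
}

# audit_chain CHAIN TARGET "WANTED PORTS" < rules
audit_chain() {
    open=$(allowed_ports "$1" "$2" | tr '\n' ' ')
    echo "missing: $(list_diff "$3" "$open")"
    echo "extra: $(list_diff "$open" "$3")"
}

sample_rules | audit_chain tcp_packets allowed "80 8888 8080 22"
```

Ports are compared as literal strings, so a range such as 8000:8080 or a service name would need to be listed in the same form on both sides.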