can someone check this simple firewall?

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Payal Rathod <payal-iptables@staticky.com>
To: netfilter@lists.netfilter.org
Subject: can someone check this simple firewall?
Date: Thu, 14 Aug 2003 23:58:10 +0530	[thread overview]
Message-ID: <20030814182810.GA2123@linux.local> (raw)

Hi,
I have designed a simple firewall ruleset. Can someone please check
them? 
It is kept at http://payal.staticky.com/firewall-1.txt

[Thanks Ralf, I will reply to your mail a bit later when someone
cross-checks this too.]

The objective is as follows,

		eth0=1.2.3.4	
  +----------+      +----------+        +--------------+
  | INTERNET +------+ LINUX    +--------+ WINDOWS      |
  |          |      | FIREWALL |        |   CLIENTS    |
  +----------+      +----------+        +--------------+
		 eth1=192.168.10.100	192.168.10.0/25

Linux box is connected to net thru a permanent ip (1.2.3.4)

LAN users can go anywhere on net as well as Linux box.
So can the Linux box.
But from outside people can connect only to port 21, 22, 80 and can ping
the Linux box (to check whether it is alive or not). Rest everything is
blocked.

Can someone please check my ruleset and tell me whether it will achieve
my obective. I can test that box for very less time so have to do all
the work from a different machine and then copy that file to that Linux
box. Hence any help in finding problems will be appreciated.

Thanks and bye.
With warm regards,
-Payal

-- 
"Visit GNU/Linux Success Stories"
http://payal.staticky.com
Guest-Book Section Updated.

next             reply	other threads:[~2003-08-14 18:28 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2003-08-14 18:28 Payal Rathod [this message]
2003-08-13 18:58 ` can someone check this simple firewall? Gavin Hamill
2003-08-14  5:27 ` Matching misc TCP header fields Elver Loho
2003-08-14  7:08   ` Maciej Soltysiak
2003-08-14 10:18 ` can someone check this simple firewall? Ralf Spenneberg
2003-08-14 11:01   ` Chris Wilson
  -- strict thread matches above, loose matches on Subject: below --
2003-08-13 22:39 Daniel Chemko
2003-08-15 17:55 ` Payal Rathod

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20030814182810.GA2123@linux.local \
    --to=payal-iptables@staticky.com \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.