* Help setting up a firewall on a machine
@ 2003-05-15 11:35 Shri Shrikumar
From: Shri Shrikumar @ 2003-05-15 11:35 UTC
To: netfilter
Hi,

I am just configuring a machine and would like to set up a firewall on it
using iptables. I am keen on setting it up properly on the first go since I
don't want to be left with a machine that I can't ssh into.

The machine has just one NIC, eth0, which is connected to the net. There
is no NAT or MASQ to be done.

Here is what I have so far.

/sbin/iptables -N block
/sbin/iptables -A block -p ICMP -j ACCEPT
/sbin/iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A block -j DROP
/sbin/iptables -A INPUT -j block
/sbin/iptables -A FORWARD -j block

What rules do I need to add to the block chain to allow any new
connections from the machine to the outside world? Would it just be

/sbin/iptables -A block -m state --state NEW -o eth0 -j ACCEPT

I am also going to be hosting a site, so the following rule will be
added as well,

/sbin/iptables -I block -p tcp --dport 80 -j ACCEPT

Do these rules sound about right?

Thanks and regards,

Shri
--
------------------------------------------------------------------------
Shri Shrikumar U R Byte Solutions Tel: 0845 644 4745
I.T. Consultant Edinburgh, Scotland Mob: 0773 980 3499
Web: www.urbyte.com Email: shri@urbyte.com
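
A version of the chain above with the pieces a single-interface host usually needs, written as an added example rather than anything posted in the thread: it accepts loopback and inbound SSH before the final DROP, and leaves new outbound connections to the OUTPUT chain. It assumes sshd on port 22, an OUTPUT policy still at its default ACCEPT, and iptables-save/iptables-restore installed under /sbin; the rollback timer is an illustrative safeguard against locking yourself out.

```shell
#!/bin/sh
# Added example, not the poster's script. Dry run by default: each command is
# printed. Run as root with "apply" as the first argument to load the rules.
IPT="${IPT:-echo /sbin/iptables}"
SSH_PORT="${SSH_PORT:-22}"          # assumption: sshd listens on 22

build_rules() {
    $IPT -N block
    # Local services reach each other over lo, and that traffic hits INPUT.
    $IPT -A block -i lo -j ACCEPT
    $IPT -A block -p icmp -j ACCEPT
    # Replies to connections this host opened return as ESTABLISHED/RELATED.
    # The outgoing NEW packets traverse OUTPUT, not INPUT, so no "-o eth0"
    # rule is needed here (in INPUT there is no output interface to match).
    $IPT -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Inbound services, placed before the final DROP.
    $IPT -A block -p tcp --dport "$SSH_PORT" -m state --state NEW -j ACCEPT
    $IPT -A block -p tcp --dport 80 -m state --state NEW -j ACCEPT
    $IPT -A block -j DROP
    $IPT -A INPUT -j block
    $IPT -A FORWARD -j block
}

# Load the rules, then restore the previous ruleset after 120 s unless the
# operator cancels the timer from a session that still works.
apply_with_rollback() {
    backup=$(mktemp) || return 1
    /sbin/iptables-save > "$backup" || return 1
    IPT=/sbin/iptables
    build_rules
    ( sleep 120; /sbin/iptables-restore < "$backup" ) &
    echo "Rules loaded. If a NEW ssh login still works, run: kill $!"
}

if [ "${1:-}" = "apply" ]; then
    apply_with_rollback
else
    build_rules
fi
```

Cancel the timer only after opening a second SSH session, since the existing session keeps working through the ESTABLISHED rule even when new logins would be dropped.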
* Help setting up a firewall on a machine
@ 2003-05-16 11:30 Shri Shrikumar
From: Shri Shrikumar @ 2003-05-16 11:30 UTC
To: netfilter