[LARTC] RE: firewall

* [LARTC] RE: firewall
@ 2003-09-10 13:09 ThE PhP_KiD
  2003-09-10 17:28 ` Stef Coene
  2003-09-10 18:04 ` Daniel Chemko
  0 siblings, 2 replies; 3+ messages in thread
From: ThE PhP_KiD @ 2003-09-10 13:09 UTC (permalink / raw)
  To: lartc

I forget next data:

Kernel 2.4.20
iptables 1.2.8
iproute (last stable)

RH72

:-)

->
-> Hi.
->
-> I'm trying to enable a firewall on my linux router.
->
-> eth0 router: Internet Connection
-> eth1 router: LAN connection
->
-> I want allow to my LAN users: browse web pages,
-> and send and recieve email, and nothing more, because
-> this router is connected to a VSAT connection, and
-> upload bandwidth is very small.
->
-> Also, I need to manage Linux router from a Internet
-> host via ssh and ftp.
->
-> Is ok next configuracion ?
->
-> Thank you very much.
-> ... mac
->
->
-> iptables -A OUTPUT -p tcp --dport 80 -o eth0 -j ACCEPT
-> iptables -A OUTPUT -p tcp --dport 25 -o eth0 -j ACCEPT
-> iptables -A OUTPUT -p tcp --dport 110 -o eth0 -j ACCEPT
-> iptables -A OUTPUT -p tcp --dport 22 -o eth0 -j ACCEPT
-> iptables -A OUTPUT -p tcp --dport 21 -o eth0 -j ACCEPT
-> iptables -A OUTPUT -p tcp --dport 20 -o eth0 -j ACCEPT
-> iptables -A OUTPUT -p tcp --dport 53 -o eth0 -j ACCEPT
-> iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
->
->
-> # Protección contra Syn-flood (inundación mediante Syn):
-> iptables -A OUTPUT -p tcp --syn -m limit --limit 1/s -j ACCEPT
->
-> #Furtivo buscando puertos (port scanner):
-> iptables -A OUTPUT -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m
-> limit --limit 1/s -j ACCEPT
->
-> #Ping de la muerte:
-> iptables -A OUTPUT -p icmp --icmp-type echo-request -m limit
-> --limit 1/s -j ACCEPT
->
->
-> # iptables -A OUTPUT -m state --state NEW -i ! ppp0 -j ACCEPT
-> iptables -A OUTPUT -j DROP
->

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

^ permalink raw reply	[flat|nested] 3+ messages in thread