From: "Mansour Al-Aqeel" <mansour77@ownmail.net>
To: netfilter@lists.netfilter.org
Subject: setting up a firewall from scratch
Date: Mon, 15 May 2006 21:46:42 -0300 [thread overview]
Message-ID: <1147740402.17757.261507231@webmail.messagingengine.com> (raw)
Hi Everybody:
I need an advice from someone about what to do. I have a small lan and
looking to connect it to the net through a LinkSys router using OpenWrt.
The router comes with a built in rules that does everything. However,
I'm a new to iptables, and therefore it would be good chance for me to
be introduced to this tool. I need to delete all the built in rules and
recteate them again from scratch in order to know what each of them
does... I wrote a small script to excute and save my rules in. The
router stopps responding when I excute the script, and I have to reboot
it. All I need at this point is to disable any connection attempt from
out side ($WAN) and enable everything on the ($LAN) side. Here's what I
did so far. Can any one tell me what's next, or what I'm missing ??
#delete all the existing rules from all chains
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
#set the default policy on the external interface not to accept anything
iptables -P INPUT -i $WAN -j REJECT # dont let anything coming from
outside
iptables -P OUTPUT -i $WAN -j ACCEPT # let anything go out
iptables -P FORWARD -i $WAN -j REJECT # dont forward anyhting from
outside to inside
#######################################
## allow everyThign internally
#######################################
iptables -f filter -A INPUT -i $LAN -j ACCEPT
iptables -f filter -A INPUT -o $LAN -j ACCEPT
iptable -A OUTPUT -i $LAN -j ACCEPT
iptable -A OUTPUT -o $LAN -j ACCEPT
####forward internally through the br0
iptables -f filter -A FORWARD -i $LAN -j ACCEPT
iptables -f filter -A FORWARD -o $LAN -j ACCEPT
Thanx
--
Mansour Al-Aqeel
mansour77@ownmail.net
--
http://www.fastmail.fm - I mean, what is it about a decent email service?
next reply other threads:[~2006-05-16 0:46 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-05-16 0:46 Mansour Al-Aqeel [this message]
2006-05-16 11:54 ` setting up a firewall from scratch Pascal Hambourg
2006-05-16 11:57 ` Tim Evans
2006-05-16 14:47 ` Dimitri Yioulos
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1147740402.17757.261507231@webmail.messagingengine.com \
--to=mansour77@ownmail.net \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox