From: Gianni Pucciani <gp.puccio@tin.it>
To: netfilter@lists.netfilter.org
Subject: A simple question
Date: Tue, 06 Apr 2004 04:25:15 +0200 [thread overview]
Message-ID: <4072150B.8060400@tin.it> (raw)
Hi all,
I'm new to the use of iptable. I set this script for my home
workstation, but when I apply these rules anything stop functioning.
I guess I'm doing something stupid but this is my very first time with
iptables, so sorry.
I use my workstation that is behind an adsl router. My workstation has a
fixed ip, 192.168.1.2 and I'd like to use it for Tomcat server , ssh
server and general client features.Can anyone give me some help?
Thanks
PS Comment are italian, but hope rules be quite clear...
#!/bin/sh
#G.P
#last update 050404
#Script di inizializzazione per settare un insieme di regole
#di packet filtering tramite iptables.
#definire le policy (comportamento di default)per le catene di default
/sbin/iptables -P INPUT DROP #ogni pacchetto in ingresso scartato
/sbin/iptables -P OUTPUT DROP #ogni pacchetto in uscita accettato
/sbin/iptables -P FORWARD DROP #ogni pacchetto di passaggio scartato
#flush di tutte le catene
/sbin/iptables --flush
#elimina le catene
/sbin/iptables -X miacatenain
/sbin/iptables -X miacatenaout
#creare una nuova catena
/sbin/iptables -N miacatenain
/sbin/iptables -N miacatenaout
#aggiungere una regola a INPUT e OUTPUT per passare
#dalle regole appena definite. Ogni pacchetto fa match e passa
#alla catena 'miacatena' corrispondente
/sbin/iptables -A INPUT -j miacatenain
/sbin/iptables -A OUTPUT -j miacatenaout
#######aggiungere le regole alla catena di ingresso#########
#ICMP
#Consentire traffico icmp
/sbin/iptables -A miacatenain -p icmp -j ACCEPT
#CUPS
#Consentire traffico cups in ingresso
/sbin/iptables -A miacatenain -p tcp --dport 632 -j ACCEPT
/sbin/iptables -A miacatenain -p udp --dport 632 -j ACCEPT
##EDONKEY
#Consentire traffico tcp alla porta 4663
/sbin/iptables -A miacatenain -p tcp --dport 4663 -j ACCEPT
/sbin/iptables -A miacatenain -p udp --dport 4663 -j ACCEPT
#SSH
#Consentire traffico ssh in ingresso
/sbin/iptables -A miacatenain -p tcp --dport 22 -j ACCEPT
/sbin/iptables -A miacatenain -p udp --dport 22 -j ACCEPT
#TOMCAT
#Consentire traffico web in ingresso x Tomcat da ufficio
/sbin/iptables -A miacatenain -p tcp --dport 8080 -d 192.168.1.2 -s
131.114.136.26 -j ACCEPT
#Consentire traffico web in ingresso x Tomcat da rete locale
/sbin/iptables -A miacatenain -p tcp --dport 8080 -d 192.168.1.2 -s
192.168.1.0/255.255.255.0 -j ACCEPT
#LOOPBACK
#Consentire tutto il traffico tramite l'interfaccia di loopback
#/sbin/iptables -A miacatenain -i lo -j ACCEPT
#######aggiungere le regole alla catena di uscita#######
#Consentire connessioni ftp in ingresso
#/sbin/iptables -A miacatena -p tcp --dport 2020 e 21 in uscita
#/sbin/iptables -A miacatena -p tcp --dport
##EDONKEY
#Consentire traffico tcp alla porta 4663
/sbin/iptables -A miacatenaout -p tcp --dport 4663 -j ACCEPT
/sbin/iptables -A miacatenaout -p udp --dport 4663 -j ACCEPT
#DNS
#Consentire traffico dns in uscita
/sbin/iptables -A miacatenaout -p tcp --dport 53 -j ACCEPT
/sbin/iptables -A miacatenaout -p udp --dport 53 -j ACCEPT
#SMTP POP3
#Consentire traffico smtp
/sbin/iptables -A miacatenaout -p tcp --dport 25 -j ACCEPT
/sbin/iptables -A miacatenaout -p tcp --dport 110 -j ACCEPT
#SSH
#Consentire traffico SSH in uscita
/sbin/iptables -A miacatenaout -p tcp --dport 22 -j ACCEPT
/sbin/iptables -A miacatenaout -p udp --dport 22 -j ACCEPT
#WEB
#Consentire traffico web in uscita
/sbin/iptables -A miacatenaout -p tcp --dport 80 -j ACCEPT
#LOOPBACK
#Consentire tutto il traffico tramite l'interfaccia di loopback
#/sbin/iptables -A miacatenain -i lo -j ACCEPT
#########applica le modifiche#########
/sbin/service iptables save
/sbin/service iptables restart
next reply other threads:[~2004-04-06 2:25 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-04-06 2:25 Gianni Pucciani [this message]
2004-04-05 22:40 ` A simple question Antony Stone
2004-04-06 13:26 ` Gianni Pucciani
2004-04-06 11:16 ` How do thing with this D. Prima Prayudi
-- strict thread matches above, loose matches on Subject: below --
2004-08-19 2:36 A simple question Sudheer Divakaran
2004-08-19 4:18 ` Mark E. Donaldson
2004-08-19 8:39 ` Torsten Luettgert
2004-08-19 4:52 ` Dhananjoy Chowdhury
2004-08-19 15:46 ` Erick Sanz
2004-08-19 11:04 Jason Opperisano
2004-08-19 15:15 Hudson Delbert J Contr 61 CS/SCBN
2004-08-19 17:14 Daniel Chemko
2004-08-19 17:31 ` Nick Drage
2004-08-19 17:47 Daniel Chemko
2004-08-19 17:58 Hudson Delbert J Contr 61 CS/SCBN
2005-08-10 0:11 A Simple Question Robb Bossley
2005-08-10 19:58 ` /dev/rob0
2005-08-11 5:54 ` Jan Engelhardt
2005-08-12 5:27 ` Grant Taylor
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4072150B.8060400@tin.it \
--to=gp.puccio@tin.it \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox