Linux Netfilter discussions
From: reader@newsguy.com
To: netfilter@vger.kernel.org
Subject: Special firewall for wannabee dmz machine
Date: Tue, 25 Dec 2007 07:53:26 -0600
Message-ID: <87abnyubhl.fsf@newsguy.com>

( I've probably irritated the ipfilter list by mistakenly posting this
  there first)

I'd like to see some examples of how to do this:

I'm setting up a Gentoo Linux machine whose sole purpose is to get
traffic coming to a NETGEAR router upstream.  That router has one of
those options they call DMZ where you can give a lan address machine
to be sent all traffic that is blocked from the lan.

In my case it isn't a true DMZ because it will not route anything to
other parts of the lan.  Its purpose is to drop but log all the
baloney coming at the NETGEAR from the internet.

I just want to poke around in the logs of what is coming my way.

It will only need to communicate to the internet rarely if at all
and then from lynx, or over ssh.  It has no X installed, no services
like apache, samba, cups, etc etc.  Only ssh.  And I'd like that to
only be open to the lan.

I'm confused about which things need to be allowed in and how to
handle the rejected stuff, far as logging only possible nasty stuff
and not normal dns or other normal traffic.
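
An added example, not part of the original post: one way to express the requirements above as an iptables-restore ruleset, generated by a shell function. The LAN subnet passed in, the log prefix and the rate limit are assumptions.

```shell
#!/bin/sh
# Added example: emits a filter table for a log-and-drop host.
# Assumed values (not from the post): LAN subnet, log prefix, rate limit.

# gen_rules LAN_CIDR -> prints a ruleset in iptables-restore format
gen_rules() {
    lan="$1"
    # Accept only a plain IPv4 CIDR, so a typo or stray character cannot
    # end up widening the ssh rule.
    case "$lan" in
        *[!0-9./]*|"") echo "usage: gen_rules A.B.C.D/NN" >&2; return 1 ;;
        */*) ;;
        *) echo "usage: gen_rules A.B.C.D/NN" >&2; return 1 ;;
    esac
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback and replies to connections this host opened (lynx, ssh, DNS
# lookups) are normal traffic: accept them before anything is logged.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# ssh is reachable from the LAN only.
-A INPUT -s $lan -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# Other LAN chatter (broadcasts and the like) is dropped without logging.
-A INPUT -s $lan -j DROP
# What remains was forwarded by the router's DMZ option: log, then drop.
# The rate limit keeps a flood from filling the disk with log lines.
-A INPUT -m limit --limit 10/second --limit-burst 20 -j LOG --log-prefix "dmz-drop: "
-A INPUT -j DROP
COMMIT
EOF
}

# Typical use, as root:  gen_rules 192.168.1.0/24 | iptables-restore
```

The FORWARD policy of DROP matches the stated goal that the box routes nothing to the rest of the LAN; logged packets appear in the kernel log with the `dmz-drop: ` prefix.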



Thread overview: 5+ messages
2007-12-25 13:53 reader [this message]
2007-12-25 16:47 ` Special firewall for wannabee dmz machine G.W. Haywood
2007-12-26  4:14   ` reader
2007-12-26 16:24     ` G.W. Haywood
2007-12-26 17:10       ` reader
