
Re: [edlug] reply to in edlug ?

Subhi S Hashwa wrote:

_____________Original message ____________
Subject:	Re: [edlug] loading kernel modules
Sender:	"Stephen C. Tweedie" <sct@xxx.xxx.xxx>
Date:		Sun, 12 Jan 2003 19:34:01 +0000
snip stuff about loading and starting iptables, I actually had this sorted, I was just a bit confused...

and once it is running, you can then make any firewall changes you need,
and then save them for the iptables script to pick up next time it runs

$ service iptables save

iptables is running, but everything is set to accept. I have read the HOWTO and man iptables, and I think I should set policies on the INPUT chains to drop, which should mean that packets not explicitly accepted by the chain will be dropped, is that right?

I think I should also set the FORWARD policy to drop, as this is said to be the default in the HOWTO, but I don't really know what forwarding does. Any clues?

Is there a problem with setting OUTPUT to generally accept?

Then I'd need to set the INPUT rules that I want. I want to enable ssh, but nothing else, to connect to my machine from the internet, except possibly ping, but I think I can accept any connection from my lan, does that seem reasonable? Could the first part be achieved by only allowing external connections to port 22, or is there a special way of telling what type of connection, i.e. ssh or something else, is being attempted?

Also, do I need to know what udp and icmp are?

Rather a lot of questions this time, I'm afraid...
Edmund Strangely
"Talking like I'm on and I'm the only one and making like I'm gone and staring like a gun"-
The Jesus and Mary Chain


I recommend you take a look at http://morizot.net/firewall/gen/ and study the scripts that are generated for you. Compare these scripts with the manual, and you'll learn a lot. You can even use the scripts as-is.
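For readers following the thread, here is an added worked example (not code from the list, the HOWTO or the generator site above) of the policy Edmund describes: INPUT and FORWARD default to DROP, OUTPUT to ACCEPT, ssh and ping accepted from anywhere, everything accepted from the LAN. The script emits the ruleset in iptables-restore format rather than calling iptables directly, so it can be read, diffed and tested before it is loaded. The interface name eth1 and the network 192.168.1.0/24 are assumptions; substitute your own.

```shell
#!/bin/sh
# Added example, not from the thread. Generates an iptables-restore
# ruleset implementing: INPUT DROP, FORWARD DROP, OUTPUT ACCEPT,
# ssh (TCP/22) and ping allowed from anywhere, everything allowed
# from the LAN. Interface and LAN range below are assumptions.

LAN_IF="${LAN_IF:-eth1}"              # assumed LAN-facing interface
LAN_NET="${LAN_NET:-192.168.1.0/24}"  # assumed LAN address range

# build_rules LAN_IF LAN_NET : print the ruleset on stdout.
build_rules() {
    lan_if="$1"
    lan_net="$2"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback must be accepted or local services (X, cups, etc.) break
-A INPUT -i lo -j ACCEPT
# replies to connections this host started; covers TCP, UDP and ICMP
# replies (DNS answers, ping replies) via the connection tracker
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# trusted LAN: anything arriving on the LAN interface from the LAN range
-A INPUT -i ${lan_if} -s ${lan_net} -j ACCEPT
# ssh from anywhere: new TCP connections to port 22 only
-A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
# ping from anywhere: echo requests; the replies we send go out via OUTPUT
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
COMMIT
EOF
}

# input_rule_count LAN_IF LAN_NET : number of explicit INPUT rules,
# handy as a sanity check before loading.
input_rule_count() {
    build_rules "$1" "$2" | grep -c '^-A INPUT'
}

# Only load into the kernel when explicitly asked; by default just print.
if [ "${1:-}" = "--apply" ]; then
    build_rules "$LAN_IF" "$LAN_NET" | iptables-restore
else
    build_rules "$LAN_IF" "$LAN_NET"
fi
```

Run it once without arguments to review the output, then `sh firewall.sh --apply` as root to load it, and `service iptables save` (as in Stephen's reply above) so it survives a reboot. Two points the questions above touch on: iptables cannot tell ssh from anything else on port 22, it only sees the port, so "allow TCP/22" is the accepted way to allow ssh; and the FORWARD chain only matters for packets routed between two interfaces on this machine, so DROP there is harmless on a single host. The ESTABLISHED,RELATED rule is what makes UDP and ICMP usable without knowing their details: replies to your own DNS lookups and pings are matched by the connection tracker instead of needing a rule each.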

----------------------------------------------------------------------- You can find the EdLUG mailing list FAQ list at: http://www.edlug.org.uk/list_faq.html

This archive is kept by wibble@morpheux.org.DONTSPAMME