IPTABLES doesn't work

Alexander Dalloz alexander.dalloz at uni-bielefeld.de
Fri Jan 30 11:13:18 UTC 2004


On Thu, 29.01.2004, at 22:58, Luciano Miguel Ferreira Rocha wrote:
> On Thu, Jan 29, 2004 at 01:34:34PM -0800, smoothmilk wrote:
> > anything? I don't understand how it just flat out doesn't work. I have no
> > idea how iptables works, and because there's no documentation out there
> > for beginners who just want a script that's for eth0 with a simple www,
> > ssh and ftp server(s), I'm stuck using rh's tools, which don't do
> > anything. there's no security here.
> 
> Shameless plug: http://strange.nsk.pt/mine/ipconf
> 
> Or a simple script:

Short annotations:

> #! /bin/sh
> /sbin/modprobe ip_conntrack_ftp > /dev/null 2>&1

modprobe has the parameter "-q" to be quiet.

> /sbin/iptables -F
> /sbin/iptables -X
> /sbin/iptables -P FORWARD DROP
> /sbin/iptables -P INPUT DROP

To set policies to DROP and have no final REJECT rule is bad. DROP is not a
good general rule.

> /sbin/iptables -P OUTPUT ACCEPT
> /sbin/iptables -A INPUT -p all -m state --state ESTABLISHED,RELATED -j ACCEPT
> /sbin/iptables -A INPUT -p ICMP -j ACCEPT
> /sbin/iptables -A INPUT -p TCP --syn --dport http -j ACCEPT
> /sbin/iptables -A INPUT -p TCP --syn --dport ssh -j ACCEPT
> /sbin/iptables -A INPUT -p TCP --syn --dport ftp -j ACCEPT
> /sbin/iptables -A INPUT -p TCP --syn --dport ftp-data -j ACCEPT
> 
> Regards,
> Luciano Rocha

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 1 (Yarrow) on Athlon CPU kernel 2.4.22-1.2149.nptl
Sirendipity 12:10:34 up 20:58, 7 users, 0.68, 0.28, 0.15 
                   [ Γνωθι σ'αυτον - gnothi seauton ]
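As an added example (not Luciano's script and not code from Alexander's reply), the quoted rule set with the two annotated changes applied, a quiet `modprobe -q` and explicit final REJECT rules ahead of the DROP policy, plus a loopback accept rule. It assumes `IPT` and `MODPROBE` point at the real binaries; setting `IPT=echo` and `MODPROBE=:` prints the rules instead of loading them.

```shell
#!/bin/sh
# Added example, not the script from the quoted mail. Assumption: IPT and
# MODPROBE name the real binaries; IPT=echo MODPROBE=: only prints the rules.
IPT="${IPT:-/sbin/iptables}"
MODPROBE="${MODPROBE:-/sbin/modprobe}"

apply_firewall() {
    # -q keeps modprobe quiet; "&>" is a bash-ism and not valid under /bin/sh
    "$MODPROBE" -q ip_conntrack_ftp

    "$IPT" -F
    "$IPT" -X
    # DROP policies stay only as the safety net for packets no rule matched
    "$IPT" -P FORWARD DROP
    "$IPT" -P INPUT DROP
    "$IPT" -P OUTPUT ACCEPT

    "$IPT" -A INPUT -i lo -j ACCEPT
    "$IPT" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    "$IPT" -A INPUT -p icmp -j ACCEPT          # "IMCP" in the mail is a typo
    for port in http ssh ftp ftp-data; do
        "$IPT" -A INPUT -p tcp --syn --dport "$port" -j ACCEPT
    done

    # The explicit final rules the annotation asks for: answer rejected TCP
    # with a RST and everything else with an ICMP error instead of a silent drop
    "$IPT" -A INPUT -p tcp -j REJECT --reject-with tcp-reset
    "$IPT" -A INPUT -j REJECT --reject-with icmp-port-unreachable
}

# Sanity check on a rule listing ("iptables -S INPUT" output or the echo
# output above): the last INPUT rule must be a REJECT, otherwise the DROP
# policy is doing the work the annotation warns against.
ends_with_reject() {
    printf '%s\n' "$1" | grep -- '-A INPUT' | tail -n 1 | grep -q -- '-j REJECT'
}

if [ "${1:-}" = "--apply" ]; then
    apply_firewall
fi
```

Run as `sh firewall.sh --apply` as root to load the rules; without the flag the file only defines the functions.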