Simple iptables script

Louis E Garcia II louisg00 at bellsouth.net
Mon Jan 29 03:31:18 UTC 2007


For me the default iptables script is a little too lenient. For my laptop
with no server services I minimized the script to these lines. Did not
want icmp and ping coming in, a stealth box. Web, email and gaim all
seem to be working. Am I missing something? Everything from the outside
should be dropped right? One thing I'm not sure of is syn-flood but they
should be dropped also.

-Louis


*filter
# Chain policies: drop unsolicited inbound and forwarded traffic, allow all outbound
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback traffic is always accepted
-A INPUT -i lo -j ACCEPT
# Drop TCP packets that would start a new connection without a bare SYN
-A INPUT -p tcp -m tcp ! --syn -m state --state NEW -j DROP
# Accept replies to connections this host initiated (and ICMP related to them)
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
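As an added illustration (mine, not part of Louis's post), a small Python walk-through of the INPUT chain above: it tokenises the iptables-restore dump, applies first-match semantics for -i, -p, --state and the negated --syn, and falls through to the chain policy. Packet, parse, match and verdict are assumptions of this example, and the conntrack state of each packet is hand-labelled rather than tracked.

```python
from collections import namedtuple

RULESET = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp ! --syn -m state --state NEW -j DROP
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
"""
# Hypothetical hand-labelled packet: arrival iface, proto ("tcp"/"udp"/"icmp"), conntrack
# state (NEW/ESTABLISHED/RELATED, supplied by hand) and syn_only (what --syn matches).
Packet = namedtuple("Packet", "iface proto state syn_only", defaults=[False])
ARITY = {"!": 0, "-m": 1, "-j": 1, "-i": 1, "-p": 1, "--syn": 0, "--state": 1}

def parse(ruleset):
    """Chain policies and tokenised -A rules from an iptables-restore dump."""
    lines = ruleset.splitlines()
    policy = {l.split()[0][1:]: l.split()[1] for l in lines if l.startswith(":")}
    rules = [l.split() for l in lines if l.startswith("-A ")]
    return policy, rules

def match(tokens, pkt):
    """Target of the rule if every match (honouring '!') fits pkt, else None."""
    target, negate, i = None, False, 2            # tokens[:2] is ["-A", chain]
    while i < len(tokens):
        tok = tokens[i]                            # KeyError here = unsupported match
        arg = tokens[i + 1] if ARITY[tok] else ""
        i += 1 + ARITY[tok]
        if tok == "!":                             # negates the match that follows
            negate = True
        elif tok == "-j":
            target = arg
        elif tok != "-m":                          # -m only names an extension
            ok = {"-i": pkt.iface == arg, "-p": pkt.proto == arg, "--syn": pkt.syn_only,
                  "--state": pkt.state in arg.split(",")}[tok]
            if ok == negate:                       # plain match missed, or negated hit
                return None
            negate = False
    return target

def verdict(ruleset, pkt, chain="INPUT"):
    """First-match walk of `chain`, falling through to the chain's policy."""
    policy, rules = parse(ruleset)
    for tokens in rules:
        if tokens[1] == chain and (target := match(tokens, pkt)) is not None:
            return target
    return policy[chain]
```

Walking constructed packets through it shows inbound SYNs and ICMP echo requests falling to the INPUT DROP policy, while ICMP that conntrack marks RELATED to the laptop's own connections is still accepted by the last rule.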