
Re: iptables templates



On 5/24/07, seth vidal <skvidal fedoraproject org> wrote:
Here's what I've used in the past.

It allows connections for certain ports/places and then drops everything
else as the last item.

http://linux.duke.edu/~skvidal/misc/iptables-template

It's pretty painless, really.

:D Good beginning. I believe that the best policy must be more
restrictive: block inbound traffic on the INPUT and FORWARD chains with
the DROP rule, and later open the ports that are necessary.

If we want to add explicit outbound rules, too, that's fine, but I'd
advise enabling logging b/c that stuff is easy to get wrong. :)

Perhaps in the POSTROUTING chain, but the OUTPUT chain is rarely used;
I don't see any use for it on fedoraproject now.

--
Wilmer Jaramillo M.
GPG Key Fingerprint = 0666 D0D3 24CE 8935 9C24 BBF1 87DD BEA2 A4B2 1E8A
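
The approach discussed in this message (default DROP on INPUT and FORWARD, open only the needed ports, log before adding explicit outbound rules), as an added example that is not part of the thread and is not the template linked above. The function names, port list and log prefixes are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Ports and log prefixes are constructed.
# Emits an iptables-restore ruleset; it does not touch the running firewall.

# valid_port PORT: succeeds only for a decimal integer in 1..65535.
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;   # empty, leading zero, or non-digit
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# gen_rules PORT...: prints the ruleset, or fails with no rules on a bad port.
gen_rules() {
    for p in "$@"; do
        valid_port "$p" || { echo "invalid port: $p" >&2; return 1; }
    done
    echo '*filter'
    # Restrictive default: anything not explicitly accepted is dropped.
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    # OUTPUT stays ACCEPT until the log below shows what rules it would need.
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for p in "$@"; do
        echo "-A INPUT -p tcp -m conntrack --ctstate NEW --dport $p -j ACCEPT"
    done
    # Rate-limited logging of what the DROP policies are about to discard.
    echo '-A INPUT -m limit --limit 5/min -j LOG --log-prefix "IN-DROP: "'
    echo '-A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FWD-DROP: "'
    # Log new outbound connections before writing explicit outbound rules.
    echo '-A OUTPUT -m conntrack --ctstate NEW -m limit --limit 5/min -j LOG --log-prefix "OUT-NEW: "'
    echo 'COMMIT'
}

# Usage (syntax check only, needs root):
#   gen_rules 22 80 443 | iptables-restore --test
```

Reviewing the `OUT-NEW:` log entries for a while shows which outbound rules are actually needed before the OUTPUT policy is tightened.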

