
Re: iptables templates



>>>>> "sv" == seth vidal <skvidal fedoraproject org> writes:

sv> Here's what I've used in the past. It allows connections for
sv> certain ports/places and then drops everything else as the last
sv> item.

sv> http://linux.duke.edu/~skvidal/misc/iptables-template

sv> it's pretty painless, really.

sv> If we want to add explicit outbound rules, too, that's fine, but
sv> I'd advise enabling logging b/c that stuff is easy to get wrong.
sv> :)

sv> This is just a sample but it's simple and straightforward.

The sample script accepts all non-syn TCP packets, whether they are
related to an established connection or not. That is not necessarily a
bad thing, I'm just pointing it out so people are aware of it.


/Benny
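
To make the observation above concrete, here is an added example (not part of the original message, and not the sample script from the thread): a small Python check that flags `iptables-save` style rules accepting non-SYN TCP packets with no connection-tracking match. The sample rules are constructed, and the function names are hypothetical.

```python
import shlex

# Constructed sample rules in iptables-save syntax (NOT the script from the thread).
SAMPLE_RULES = """\
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp ! --syn -j ACCEPT
-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m conntrack --ctstate ESTABLISHED -m tcp ! --syn -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT
-A INPUT -j DROP
"""

STATE_OPTS = {"--state", "--ctstate"}   # state and conntrack match options
TRACKED = {"ESTABLISHED", "RELATED"}    # states that tie a packet to a known flow

def parse_rule(line):
    """Split a rule into (option, negated, args) triples.
    Assumes the '! --option' negation form that iptables-save emits."""
    opts, negate = [], False
    for tok in shlex.split(line):
        if tok == "!":
            negate = True
        elif tok.startswith("-"):
            opts.append((tok, negate, []))
            negate = False
        elif opts:
            opts[-1][2].append(tok)
    return opts

def stateless_non_syn_accept(line):
    """True if the rule ACCEPTs TCP packets lacking SYN with no state match."""
    opts = parse_rule(line)
    accept = any(o == "-j" and a == ["ACCEPT"] for o, _, a in opts)
    tcp = any(o in ("-p", "--protocol") and not n and a == ["tcp"]
              for o, n, a in opts)
    # '! --syn' is shorthand for '! --tcp-flags SYN,RST,ACK,FIN SYN'
    non_syn = any(n and (o == "--syn" or (o == "--tcp-flags" and len(a) == 2
                  and "SYN" in a[0].split(",") and a[1] == "SYN"))
                  for o, n, a in opts)
    tracked = any(o in STATE_OPTS and not n and a
                  and set(a[0].split(",")) <= TRACKED for o, n, a in opts)
    return accept and tcp and non_syn and not tracked

def audit(ruleset):
    """Return (line_number, rule) for every rule flagged in the ruleset."""
    return [(i, l) for i, l in enumerate(ruleset.splitlines(), 1)
            if l.startswith("-A") and stateless_non_syn_accept(l)]
```

Running `audit(SAMPLE_RULES)` flags the two rules that match on TCP flags alone; the rules qualified by `--state` or `--ctstate` pass because the kernel has to associate the packet with a tracked connection before they accept it.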


