Pls Help - Rule in IPTables

Volker Kindermann ml at ps102.de
Tue Sep 28 18:01:53 UTC 2004


Hello Menon,


> I would like to configure the IPTables so that no new
> connection can be established from outside to the Gateway.  
> 
> Network set up: Internet ---- ||eth1 |134.public-IP "Gateway"
> 192.168.1.10 |eth0 ||----- inside

I would suggest that you block all by default and then open the firewall with the rules you need.

Something like (only fragments shown):

$IPTABLES -P OUTPUT  DROP
$IPTABLES -P INPUT   DROP
$IPTABLES -P FORWARD DROP

$IPTABLES -A INPUT   -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A OUTPUT  -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

And then add the rules for allowed traffic. This way everything not explicitly allowed is forbidden by default.

 -volker
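
The fragments above, filled out for the gateway in this thread, as an added example that is not part of the original message. eth1 and eth0 come from the question; the "allowed traffic" rules, the `ipt` helper and the `audit_rules` check are assumptions made for illustration. The script only prints the iptables commands, then checks that no rule would accept a new connection arriving on eth1.

```shell
#!/bin/sh
# Added example, not from the original post. Interfaces come from the thread;
# the "allowed traffic" rules are assumptions for illustration.
OUT_IF="eth1"   # Internet side
IN_IF="eth0"    # inside network

ipt() { echo "iptables $*"; }   # print commands instead of running them

build_rules() {
    for chain in INPUT OUTPUT FORWARD; do
        ipt -P "$chain" DROP                      # default: drop everything
    done
    for chain in INPUT OUTPUT FORWARD; do
        # replies to connections that were allowed to start
        ipt -A "$chain" -m state --state ESTABLISHED,RELATED -j ACCEPT
    done
    ipt -A INPUT  -i lo -j ACCEPT                 # loopback on the gateway
    ipt -A OUTPUT -o lo -j ACCEPT
    # Assumed policy: only the gateway and inside hosts may open connections.
    ipt -A OUTPUT  -m state --state NEW -j ACCEPT
    ipt -A INPUT   -i "$IN_IF" -m state --state NEW -j ACCEPT
    ipt -A FORWARD -i "$IN_IF" -o "$OUT_IF" -m state --state NEW -j ACCEPT
}

# Reads rule lines on stdin and prints every INPUT/FORWARD ACCEPT rule that
# could admit a new connection arriving on $OUT_IF. Exit status 1 if any.
audit_rules() {
    awk -v ext="$OUT_IF" '
        /(^| )-A (INPUT|FORWARD) / && / -j ACCEPT/ {
            # rules limited to reply traffic cannot start a connection
            if ($0 ~ /--state (ESTABLISHED,RELATED|RELATED,ESTABLISHED)( |$)/) next
            if ($0 ~ (" -i " ext " ")) { print; bad = 1; next }
            if ($0 !~ / -i /) { print; bad = 1 }   # no -i: all interfaces
        }
        END { exit bad + 0 }'
}

build_rules | audit_rules && echo "no new connections accepted from $OUT_IF"
```

The same check can be run over the output of `iptables -S` on a live gateway. Address translation for the inside network is not covered here.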



