To correctly audit your configuration, I need the output of "/sbin/iptables -L -n -v". The mere "/sbin/iptables -L [-n]" is not sufficient for me, because it won't reveal the per-interface filters.
Vincent

> -----Original Message-----
> From: Tore Nilsson [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday 4 December 2002 14:23
> To: [EMAIL PROTECTED]
> Subject: IPTables configuration.
>
>
> Hello!
>
> Can someone review my iptables configuration and give suggestions?
> Btw. if I'd want to block someone completely using this configuration
> should I put them in "Parole" by using this command:
>
> iptables -A PAROLE -s [ip-number] -j DROP
>
> //Tore Nilsson
>
> here's my configuration. btw, it was made with Bastille:
>
> Chain INPUT (policy DROP)
> target     prot opt source                    destination
> DROP       tcp  --  anywhere                  127.0.0.0/8
> ACCEPT     all  --  anywhere                  anywhere            state RELATED,ESTABLISHED
> ACCEPT     all  --  anywhere                  anywhere
> DROP       all  --  BASE-ADDRESS.MCAST.NET/4  anywhere
> PUB_IN     all  --  anywhere                  anywhere
> DROP       all  --  anywhere                  anywhere
>
> Chain FORWARD (policy DROP)
> target     prot opt source                    destination
> ACCEPT     all  --  anywhere                  anywhere            state RELATED,ESTABLISHED
> DROP       all  --  anywhere                  anywhere
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source                    destination
> PUB_OUT    all  --  anywhere                  anywhere
>
> Chain INT_IN (0 references)
> target     prot opt source                    destination
> ACCEPT     icmp --  anywhere                  anywhere
> DROP       all  --  anywhere                  anywhere
>
> Chain INT_OUT (0 references)
> target     prot opt source                    destination
> ACCEPT     icmp --  anywhere                  anywhere
> ACCEPT     all  --  anywhere                  anywhere
>
> Chain PAROLE (4 references)
> target     prot opt source                    destination
> ACCEPT     all  --  anywhere                  anywhere
>
> Chain PUB_IN (1 references)
> target     prot opt source                    destination
> ACCEPT     icmp --  anywhere                  anywhere            icmp destination-unreachable
> ACCEPT     icmp --  anywhere                  anywhere            icmp echo-reply
> ACCEPT     icmp --  anywhere                  anywhere            icmp time-exceeded
> PAROLE     tcp  --  anywhere                  anywhere            tcp dpt:www
> LOG        tcp  --  anywhere                  anywhere            tcp dpt:telnet state INVALID,NEW limit: avg 5/sec burst 8 LOG level warning prefix `audit'
> LOG        tcp  --  anywhere                  anywhere            tcp dpt:ftp state INVALID,NEW limit: avg 5/sec burst 8 LOG level warning prefix `audit'
> LOG        tcp  --  anywhere                  anywhere            tcp dpt:imap2 state INVALID,NEW limit: avg 5/sec burst 8 LOG level warning prefix `audit'
> LOG        tcp  --  anywhere                  anywhere            tcp dpt:pop3 state INVALID,NEW limit: avg 5/sec burst 8 LOG level warning prefix `audit'
> LOG        tcp  --  anywhere                  anywhere            tcp dpt:finger state INVALID,NEW limit: avg 5/sec burst 8 LOG level warning prefix `audit'
> LOG        tcp  --  anywhere                  anywhere            tcp dpt:sunrpc state INVALID,NEW limit: avg 5/sec burst 8 LOG level warning prefix `audit'
> LOG        tcp  --  anywhere                  anywhere            tcp dpt:exec state INVALID,NEW limit: avg 5/sec burst 8 LOG level warning prefix `audit'
> LOG        tcp  --  anywhere                  anywhere            tcp dpt:login state INVALID,NEW limit: avg 5/sec burst 8 LOG level warning prefix `audit'
> LOG        tcp  --  anywhere                  anywhere            tcp dpt:linuxconf state INVALID,NEW limit: avg 5/sec burst 8 LOG level warning prefix `audit'
> LOG        tcp  --  anywhere                  anywhere            tcp dpt:ssh state INVALID,NEW limit: avg 5/sec burst 8 LOG level warning prefix `audit'
> LOG        tcp  --  anywhere                  anywhere            tcp dpt:1980 state INVALID,NEW limit: avg 5/sec burst 8 LOG level warning prefix `audit'
> LOG        udp  --  anywhere                  anywhere            udp dpt:31337 state INVALID,NEW limit: avg 5/sec burst 8 LOG level warning prefix `audit'
> DROP       icmp --  anywhere                  anywhere
> DROP       all  --  anywhere                  anywhere
>
> Chain PUB_OUT (1 references)
> target     prot opt source                    destination
> ACCEPT     all  --  anywhere                  anywhere
>
>
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact
> [EMAIL PROTECTED]
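As an added example, not part of either message in this thread: a small Python parser for `iptables -L -n -v` output that shows why the verbose listing matters for a review. The sample listing is constructed for this example and mirrors some of the chains posted above, with assumed interface columns (`lo`, `eth0`) that only `-v` prints, and an assumed source address `192.0.2.10` appended to PAROLE the way the posted `-A` command would add it. It reports rules that match only on an interface (invisible in a plain `-L`) and rules that are unreachable because an unconditional terminating rule precedes them in the same chain.

```python
"""Parse `iptables -L -n -v` output and flag interface-scoped and shadowed rules."""
import re
from dataclasses import dataclass

# Constructed sample (not real output from the thread): some of the posted
# chains, with assumed lo/eth0 interface matches and an assumed DROP for
# 192.0.2.10 appended to PAROLE with `iptables -A`.
SAMPLE_LISTING = """\
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            127.0.0.0/8
  120  9000 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
   42  3000 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    0     0 DROP       all  --  *      *       224.0.0.0/4          0.0.0.0/0
   17  1200 PUB_IN     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
    3   180 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain PAROLE (4 references)
 pkts bytes target     prot opt in     out     source               destination
   17  1200 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 DROP       all  --  *      *       192.0.2.10           0.0.0.0/0

Chain PUB_IN (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 3
   17  1200 PAROLE     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
"""

TERMINATING = {"ACCEPT", "DROP", "REJECT"}   # built-in targets that end traversal


@dataclass
class Rule:
    target: str
    prot: str
    in_if: str
    out_if: str
    src: str
    dst: str
    extra: str = ""   # trailing match text, e.g. "state RELATED,ESTABLISHED"

    def is_catch_all(self):
        """True when nothing in the rule restricts which packets it matches."""
        return (self.prot == "all" and self.in_if == "*" and self.out_if == "*"
                and self.src == "0.0.0.0/0" and self.dst == "0.0.0.0/0"
                and not self.extra)


def parse_listing(text):
    """Return {chain name: [Rule, ...]} from `iptables -L -n -v` text."""
    chains, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        m = re.match(r"Chain (\S+) ", line)
        if m:
            current = m.group(1)
            chains[current] = []
            continue
        if line.lstrip().startswith("pkts"):
            continue   # column header printed under every chain
        fields = line.split(None, 9)   # pkts bytes target prot opt in out src dst [extra]
        if current is None or len(fields) < 9:
            raise ValueError("unexpected line: %r" % line)
        _pkts, _bytes, target, prot, _opt, in_if, out_if, src, dst = fields[:9]
        extra = fields[9].strip() if len(fields) > 9 else ""
        chains[current].append(Rule(target, prot, in_if, out_if, src, dst, extra))
    return chains


def interface_scoped(chains):
    """(chain, rule number, Rule) for rules that depend on the in/out interface;
    a plain `iptables -L` omits these columns, so such rules look unconditional."""
    return [(name, i + 1, r) for name, rules in chains.items()
            for i, r in enumerate(rules) if r.in_if != "*" or r.out_if != "*"]


def shadowed_rules(chains):
    """(chain, rule number, Rule) for rules that can never match because an
    earlier unconditional terminating rule in the same chain stops traversal."""
    found = []
    for name, rules in chains.items():
        for i, rule in enumerate(rules):
            if rule.target in TERMINATING and rule.is_catch_all():
                found.extend((name, j + 1, rules[j]) for j in range(i + 1, len(rules)))
                break
    return found


def block_source_command(chain, src):
    """Insert the DROP at position 1 so it runs before any catch-all ACCEPT
    already in the chain; `-A` would append it behind that ACCEPT."""
    return "iptables -I %s 1 -s %s -j DROP" % (chain, src)


if __name__ == "__main__":
    chains = parse_listing(SAMPLE_LISTING)
    for name, num, r in interface_scoped(chains):
        print("interface-scoped: %s rule %d in=%s out=%s -> %s" % (name, num, r.in_if, r.out_if, r.target))
    for name, num, r in shadowed_rules(chains):
        print("unreachable: %s rule %d (%s -s %s) sits behind a catch-all" % (name, num, r.target, r.src))
    print(block_source_command("PAROLE", "192.0.2.10"))
```

Run as-is it reports the two interface-scoped INPUT rules (the `lo` ACCEPT and the `eth0` jump to PUB_IN, both of which a plain `-L` would print as "anywhere anywhere") and that the appended PAROLE DROP sits behind PAROLE's catch-all ACCEPT, so it never matches; `block_source_command` builds the `-I ... 1` form that puts the DROP first. Whether the posted PAROLE ACCEPT really is unconditional, or carries an interface match the plain listing hides, is exactly what only the `-v` output can show.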