Maybe a stupid question, but what is the role of this host with such an iptables configuration? Is it a host firewalling a network behind it, or is it a standalone machine on the Internet?
Also, maybe the "-v" command-line option could be helpful. Just the first rule, as we can see here:
<snip>
Chain INPUT (policy DROP)
target prot opt source destination
DROP tcp -- anywhere 127.0.0.0/8
</snip>
will successfully block all tcp traffic to the local loopback (lo device), also from your own machine. Are you sure you want/need this? ;-)
But with the "-v" option we will see that the rules are bound to some network devices. So if your rule looks like this:
<snip>
target prot opt source in out destination
DROP tcp -- anywhere eth0 - 127.0.0.0/8
</snip>
it will mean that anyone who sends packets to you from the external network with the destination address of the loopback device will be stopped by your firewall. And your service (squid in the default installation, for example), trusting the local machine, won't be compromised. ;-)
So try:
# iptables -n -v -L -t filter
# iptables -n -v -L -t nat
I hope this helps.
mARTin
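As an added illustration of the point above (this is not part of mARTin's mail or of Bastille): a small audit script that parses the verbose listing from `iptables -n -v -L` and flags DROP rules aimed at 127.0.0.0/8 that have no input interface (`*`), since those also match traffic on lo. The listing is a constructed sample, and `eth0` as the external interface is an assumption.

```python
import ipaddress

# Constructed sample of `iptables -n -v -L INPUT` output (not captured from a real host).
SAMPLE_LISTING = """\
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            127.0.0.0/8
    0     0 DROP       tcp  --  eth0   *       0.0.0.0/0            127.0.0.0/8
  512 40960 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
"""

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


def parse_verbose_listing(text):
    """Turn the rows of `iptables -n -v -L` into dicts keyed by column name."""
    rules, chain = [], None
    for line in text.splitlines():
        if line.startswith("Chain "):
            chain = line.split()[1]
            continue
        fields = line.split()
        if len(fields) < 9 or fields[0] == "pkts":
            continue  # blank line or the column header row
        _pkts, _bytes, target, prot, _opt, iface_in, iface_out, src, dst = fields[:9]
        rules.append({"chain": chain, "target": target, "prot": prot, "in": iface_in,
                      "out": iface_out, "src": src, "dst": dst,
                      "extra": " ".join(fields[9:])})
    return rules


def loopback_drop_without_interface(rules):
    """DROP rules whose destination lies in 127.0.0.0/8 but whose input
    interface is '*': these match packets arriving on lo as well, so local
    services that talk to themselves over loopback are cut off."""
    flagged = []
    for r in rules:
        if r["target"] != "DROP":
            continue
        try:
            dst = ipaddress.ip_network(r["dst"], strict=False)
        except ValueError:
            continue  # named or non-IP destination, nothing to compare
        if dst.subnet_of(LOOPBACK) and r["in"] == "*":
            flagged.append(r)
    return flagged


def suggested_rule(rule, external_iface):
    """Rewrite a flagged rule so it only matches on the external interface
    (the anti-spoofing rule mARTin describes), e.g. eth0 (assumed name)."""
    parts = ["iptables", "-A", rule["chain"], "-i", external_iface]
    if rule["prot"] != "all":
        parts += ["-p", rule["prot"]]
    parts += ["-d", rule["dst"], "-j", rule["target"]]
    return " ".join(parts)
```

Running it over the sample flags only the first DROP rule; the second, already bound to eth0, is left alone.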
Tore Nilsson wrote:
Hello! Can someone review my iptables configuration and give suggestions? Btw. if I'd want to block someone completely using this configuration, should I put them in "Parole" by using this command:
iptables -A PAROLE -s [ip-number] -j DROP
//Tore Nilsson
Here's my configuration. Btw, it was made with Bastille:
Chain INPUT (policy DROP)
target prot opt source destination
DROP tcp -- anywhere 127.0.0.0/8
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
....

