Gracias por la ayuda!! Os dejo mi configuración.
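#!/bin/bash
#
# Workstation-style IPv4 firewall: default-deny on every chain, loopback
# allowed, and a fixed list of outbound client services permitted with
# stateful return traffic.
#
# Caveats for anyone reusing this:
#   * Only `iptables` (IPv4) is configured. IPv6 is filtered separately by
#     ip6tables, and this script does not touch it.
#   * No rule accepts NEW inbound connections, so the host offers no
#     services. Running this over a remote SSH session will cut that
#     session, so apply it from a console.
#   * Only the filter and nat tables are flushed; -Z and -X below act on the
#     filter table only.

# Start from a clean slate: flush rules, zero counters, delete user chains.
iptables -F
iptables -t nat -F
iptables -Z
iptables -X

# Default policy: drop everything that is not explicitly accepted below.
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

# FTP connection-tracking helper, left disabled as in the original.
#/sbin/modprobe ip_conntrack_ftp

# Loopback traffic is always allowed.
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT

# Ignore ICMP echo requests (pings) at the kernel level.
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all

# Do not answer broadcast pings.
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

# Anti-spoofing: enable reverse-path filtering on every interface so a
# packet's source address must be reachable through the interface it
# arrived on.
for interface in /proc/sys/net/ipv4/conf/*/rp_filter; do
  echo 1 > "${interface}"
done

#######################################
# Allow this host to act as a client of a remote service.
# Arguments: $1 - protocol (tcp or udp)
#            $2 - remote service port
# Effect:    appends one OUTPUT rule (NEW,ESTABLISHED from an unprivileged
#            local port to the service port) and one INPUT rule
#            (ESTABLISHED replies only, from the service port).
#######################################
allow_client() {
  local proto=$1
  local port=$2
  # Each rule must stay on one logical line. The mailing-list copy of this
  # script was hard-wrapped after "--state", which turned the state list
  # into a separate (failing) command and left the rule without its
  # "-j ACCEPT".
  iptables -A OUTPUT -p "${proto}" --sport 1024:65535 --dport "${port}" \
    -m state --state NEW,ESTABLISHED -j ACCEPT
  iptables -A INPUT -p "${proto}" --dport 1024:65535 --sport "${port}" \
    -m state --state ESTABLISHED -j ACCEPT
}

# DNS. Only UDP is opened; lookups that fall back to TCP/53 (truncated or
# large answers) will be dropped.
allow_client udp 53
# SSH
allow_client tcp 22
# SMTP. The original pair had --sport/--dport swapped relative to every
# other service (OUTPUT from local port 25, INPUT to port 25 only when
# ESTABLISHED), which matched neither client nor server traffic. It is
# written here as a client rule like the rest. NOTE(review): if this host
# is meant to receive mail, it instead needs an INPUT rule accepting NEW
# connections to port 25. Confirm the intent.
allow_client tcp 25
# HTTP
allow_client tcp 80
# HTTPS (the original comment mislabelled this "smtp")
allow_client tcp 443
# SMTP over TLS (the original comment mislabelled this "https")
allow_client tcp 465
# IMAP over TLS
allow_client tcp 993
# POP3 over TLS
allow_client tcp 995
# IRC
allow_client tcp 6667
# Squid proxy
allow_client tcp 3128
# Alternate HTTP / proxy port
allow_client tcp 8080

# ICMP: outbound requests and their replies.
# NOTE(review): the INPUT rule accepts ESTABLISHED only, so ICMP errors that
# conntrack classifies as RELATED to an existing connection (for example
# "fragmentation needed") are dropped, which can break path-MTU discovery.
# Consider "--state ESTABLISHED,RELATED" on the INPUT rule.
iptables -A OUTPUT -p icmp -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p icmp -m state --state ESTABLISHED -j ACCEPT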