On Friday 29 August 2003 18:41, Andrew Gaffney wrote:
> Andrew Dacey wrote:
> > ----- Original Message -----
> >>I'm trying to create a firewall using iptables. I want it to drop
> >>incoming packets except to ports 22, 25, and 80 unless the source
> >>address is 192.168.254.x. I'm asking before I do this because I'm
> >>accessing the computer remotely right now and I don't want to cut myself
> >>off from it. I'm thinking something like:
> >>
> So, it should be:
>
> iptables -A INPUT -s 192.168.254.0/24 -p all -j ACCEPT
> iptables -A INPUT -p tcp --dport 22 -j ACCEPT
> iptables -A INPUT -p tcp --dport 25 -j ACCEPT
> iptables -A INPUT -p tcp --dport 80 -j ACCEPT
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -P INPUT DROP
>
> Correct?

yes, and if you use ssh to connect to that box you can try the following:

iptables -t mangle -A PREROUTING -p tcp --sport ssh -j TOS --set-tos Minimize-Delay

I use that for my outgoing connection, but don't really know if it really 
helps...

        Rudmer


--
[EMAIL PROTECTED] mailing list
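
The original question was how to load these rules over a remote session without being cut off. The script below is an added example, not code from the thread: it saves the current rules, applies the six commands quoted above in the same order, and restores the saved rules unless the change is confirmed in time. The names BACKUP, WINDOW and IPT, the backup path and the 60-second window are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed names: BACKUP, WINDOW, IPT.
BACKUP=${BACKUP:-/root/iptables.before}  # where the current rules are saved
WINDOW=${WINDOW:-60}                     # seconds before automatic rollback
IPT=${IPT:-iptables}                     # override to dry-run the rule list

# The six commands from the thread, in the same order: every ACCEPT rule is
# in place before the policy flips to DROP, so an open ssh session survives.
apply_rules() {
    $IPT -A INPUT -s 192.168.254.0/24 -p all -j ACCEPT &&
    $IPT -A INPUT -p tcp --dport 22 -j ACCEPT &&
    $IPT -A INPUT -p tcp --dport 25 -j ACCEPT &&
    $IPT -A INPUT -p tcp --dport 80 -j ACCEPT &&
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT &&
    $IPT -P INPUT DROP
}

rollback() { iptables-restore < "$BACKUP"; }

safe_apply() {
    iptables-save > "$BACKUP" || return 1
    # Rollback timer. It ignores SIGHUP so it still fires if the ssh
    # session that started this script is the one that gets cut off.
    ( trap '' HUP; sleep "$WINDOW"; rollback ) &
    timer=$!
    if ! apply_rules; then
        kill "$timer" 2>/dev/null; rollback; return 1
    fi
    printf 'Open a NEW ssh session; if it works, type "keep" within %ss: ' "$WINDOW"
    read -r answer
    if [ "$answer" = keep ]; then
        kill "$timer" 2>/dev/null     # confirmed: cancel the pending rollback
        echo "rules kept"
    else
        kill "$timer" 2>/dev/null; rollback   # no confirmation: undo now
        echo "rules rolled back"
    fi
}

# Run as root with --apply; without it the file only defines the functions.
if [ "${1:-}" = "--apply" ]; then safe_apply; fi
```

Setting IPT to a command that only prints its arguments lists the rules without touching the firewall.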
