On Fri, 29 Aug 2003 10:47:59 -0500
Andrew Gaffney <[EMAIL PROTECTED]> wrote:

> I'm trying to create a firewall using iptables. I want it to drop 
> incoming packets except to ports 22, 25, and 80 unless the source 
> address is 192.168.254.x. I'm asking before I do this because I'm 
> accessing the computer remotely right now and I don't want to cut
> myself off from it. I'm thinking something like:
> 
> iptables -A INPUT -s 192.168.254.0/24 -p all -j ACCEPT
> iptables -A INPUT -p tcp --dport 22 -j ACCEPT
> iptables -A INPUT -p tcp --dport 25 -j ACCEPT
> iptables -A INPUT -p tcp --dport 80 -j ACCEPT
> iptables -A INPUT -p all -j DROP
> 
> -or-
> 
> iptables -P INPUT DROP
> iptables -A INPUT -s 192.168.254.0/24 -p all -j ACCEPT
> iptables -A INPUT -p tcp --dport 22 -j ACCEPT
> iptables -A INPUT -p tcp --dport 25 -j ACCEPT
> iptables -A INPUT -p tcp --dport 80 -j ACCEPT
> 
> Would either of these get me the desired results?
> 
> -- 
> Andrew Gaffney
> 
> 
> --
> [EMAIL PROTECTED] mailing list
> 
> 
IMHO, the second version will work as you wish.
BUT that's only IMHO!

Why?
Because you first deny everything,
and then you 'relax' the DENY rule.
In the first, the last command (DROP all) overwrites
what you said in the 4 previous lines.


-- 
Piotr Piasny (p1t3r05)
piteros1[at]_SPAM_wp.pl p1t3r05[at]_SPAM_o2.pl
LRU #217108 MR #102136 Gentoo
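A constructed first-match simulation of the two INPUT rule sets from the question, added here as an editor's example (not code from either poster), so a reader can check what each version does to sample packets before touching a box they are logged into remotely; the `verdict` helper and the sample packets are my own constructions:

```python
import ipaddress

# Both INPUT rule sets from the question, as (source_net, proto, dport, target);
# None means "any". iptables walks a chain top to bottom, the first matching
# rule decides, and the chain policy (-P) applies only when nothing matched.
LAN = "192.168.254.0/24"
ALLOW = [(LAN, None, None, "ACCEPT"),
         (None, "tcp", 22, "ACCEPT"),
         (None, "tcp", 25, "ACCEPT"),
         (None, "tcp", 80, "ACCEPT")]
VERSION_1 = {"policy": "ACCEPT", "rules": ALLOW + [(None, None, None, "DROP")]}
VERSION_2 = {"policy": "DROP", "rules": ALLOW}

def matches(rule, src, proto, dport):
    net, r_proto, r_port, _ = rule
    if net and ipaddress.ip_address(src) not in ipaddress.ip_network(net):
        return False
    if r_proto and r_proto != proto:
        return False
    return r_port is None or r_port == dport

def verdict(ruleset, src, proto, dport):
    """First matching rule wins; otherwise the chain policy applies."""
    for rule in ruleset["rules"]:
        if matches(rule, src, proto, dport):
            return rule[3]
    return ruleset["policy"]

# Constructed sample packets: (src, proto, dport).
SAMPLES = [
    ("192.168.254.7", "tcp", 3306),   # LAN host hitting an arbitrary port
    ("203.0.113.9", "tcp", 22),       # the admin's own remote SSH session
    ("203.0.113.9", "tcp", 443),      # remote port not in the allow list
    ("203.0.113.9", "udp", 34567),    # DNS reply to a query this box sent (ephemeral dport)
]

def compare(samples=SAMPLES):
    """Map each sample packet to (version_1_verdict, version_2_verdict)."""
    return {p: (verdict(VERSION_1, *p), verdict(VERSION_2, *p)) for p in samples}

if __name__ == "__main__":
    for pkt, (v1, v2) in compare().items():
        print(f"{pkt}: version 1 -> {v1}, version 2 -> {v2}")
```

Neither rule set accepts loopback or ESTABLISHED,RELATED return traffic, so under both versions replies to connections the box itself initiates (the last sample packet) are dropped; a conntrack state rule and a `-i lo` accept are the usual additions before the final drop.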
