Try FireHOL, a very nice tool. It generates stateful iptables packet filtering firewalls very, very easily.
http://firehol.sourceforge.net/

---------------------
Gregory

-----Original Message-----
From: Andrew Gaffney [mailto:[EMAIL PROTECTED]
Sent: Friday, August 29, 2003 6:48 PM
To: Gentoo User
Subject: [gentoo-user] iptables help

I'm trying to create a firewall using iptables. I want it to drop incoming packets except to ports 22, 25, and 80 unless the source address is 192.168.254.x. I'm asking before I do this because I'm accessing the computer remotely right now and I don't want to cut myself off from it. I'm thinking something like:

iptables -A INPUT -s 192.168.254.0/24 -p all -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p all -j DROP

-or-

iptables -P INPUT DROP
iptables -A INPUT -s 192.168.254.0/24 -p all -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT

Would either of these get me the desired results?

--
Andrew Gaffney

--
[EMAIL PROTECTED] mailing list
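
Added example, not part of either message above: the second ruleset from the question written in iptables-restore format and loaded with a timed rollback, which addresses the worry about being cut off from a remote machine. The loopback and ESTABLISHED,RELATED rules, the function names and the 60-second default are assumptions that do not appear in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and the 60 s default
# are illustrative. Run as root: sh fw.sh apply [seconds]
LAN="192.168.254.0/24"   # trusted source network, from the question
PORTS="22 25 80"         # TCP ports open to any source, from the question

# Emit the ruleset in iptables-restore format. The loopback and
# ESTABLISHED,RELATED rules are assumptions added here: with a DROP policy,
# replies to connections this host opens itself would otherwise be dropped.
# iptables-restore replaces the whole filter table, so this also assumes
# FORWARD and OUTPUT hold no rules that need to survive.
build_rules() {
    echo "*filter"
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD ACCEPT [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "-A INPUT -s $LAN -j ACCEPT"
    for port in $PORTS; do
        echo "-A INPUT -p tcp --dport $port -j ACCEPT"
    done
    echo "COMMIT"
}

# Load the rules in one atomic step, then put the old ruleset back unless
# the operator types "keep" before the timer fires.
apply_with_rollback() {
    timeout="${1:-60}"
    backup="$(mktemp)" || return 1
    iptables-save > "$backup" || return 1
    # Ignore SIGHUP so the rollback still runs if the SSH session dies.
    ( trap '' HUP; sleep "$timeout"; iptables-restore < "$backup" ) &
    rollback_pid=$!
    build_rules | iptables-restore || { wait "$rollback_pid"; return 1; }
    printf 'Check a NEW ssh login works, then type "keep" (%ss): ' "$timeout"
    read -r answer
    if [ "$answer" = "keep" ]; then
        kill "$rollback_pid" 2>/dev/null
        echo "Rules kept."
    else
        wait "$rollback_pid"
        echo "Previous rules restored."
    fi
    rm -f "$backup"
}

if [ "${1:-}" = "apply" ]; then
    apply_with_rollback "${2:-60}"
fi
```

The existing SSH session usually survives a bad ruleset for a while, so confirm from a second, freshly opened login before typing "keep".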