On Sunday 23 November 2003 13:00, Spider wrote:
> On Sat, 22 Nov 2003 21:33:32 -0600
> "Chris" <[EMAIL PROTECTED]> wrote:
> > As a general rule of thumb, it is best to run a firewall on all
> > machines; no matter what connection you use, you are still at risk.
>
> A simple one that works reasonably is this:
>
> iptables -F INPUT
> iptables -F FORWARD
> iptables -F OUTPUT
>
> iptables -P INPUT DROP
> iptables -P FORWARD ACCEPT
> iptables -P OUTPUT ACCEPT
> iptables -t filter -A INPUT -i lo --jump ACCEPT
> iptables -t filter -A INPUT -i eth0 -m state --state RELATED,ESTABLISHED --jump ACCEPT
>
>
> ----
> This will simply deny all incoming traffic that hasn't originated from
> the inside. Simple and easy.

Be aware that protocols like FTP will have to work in passive mode. Also, if 
you use any p2p programs then read up on the sections about firewalls.

Jason

--
[EMAIL PROTECTED] mailing list
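
Added example, not part of the original thread: a small Python model of the quoted INPUT chain that shows why an active-mode FTP data connection is dropped while passive mode works. The addresses, port numbers, and the `helper_loaded` switch (standing in for a conntrack FTP helper, which the thread does not mention) are assumptions made for illustration.

```python
# Added illustration: a toy model of the quoted INPUT chain, not real netfilter.
from collections import namedtuple

Packet = namedtuple("Packet", "iface src sport dst dport")

HOST = "192.0.2.10"       # constructed address of the firewalled machine
FTP_SRV = "198.51.100.5"  # constructed address of a remote FTP server


class Conntrack:
    """Tracks flows this host opened, plus helper-registered expectations."""

    def __init__(self):
        self.flows = set()     # (local, lport, remote, rport)
        self.expected = set()  # (remote, local, lport) announced by a helper

    def outbound(self, lport, remote, rport):
        self.flows.add((HOST, lport, remote, rport))

    def expect(self, remote, lport):
        self.expected.add((remote, HOST, lport))

    def state(self, p):
        if (p.dst, p.dport, p.src, p.sport) in self.flows:
            return "ESTABLISHED"   # reply to a flow we started
        if (p.src, p.dst, p.dport) in self.expected:
            return "RELATED"       # new flow tied to an existing one
        return "NEW"


def input_verdict(ct, p):
    """First-match walk of the quoted INPUT rules, ending at policy DROP."""
    if p.iface == "lo":
        return "ACCEPT"
    if p.iface == "eth0" and ct.state(p) in ("RELATED", "ESTABLISHED"):
        return "ACCEPT"
    return "DROP"


def ftp_demo(helper_loaded=False):
    ct = Conntrack()
    ct.outbound(40000, FTP_SRV, 21)     # control connection, opened by us
    ct.outbound(40002, FTP_SRV, 50123)  # passive mode: we open the data flow too
    if helper_loaded:
        ct.expect(FTP_SRV, 40001)       # helper parsed our PORT command
    pk = lambda src, sport, dport: Packet("eth0", src, sport, HOST, dport)
    return {
        "control_reply": input_verdict(ct, pk(FTP_SRV, 21, 40000)),
        "passive_data": input_verdict(ct, pk(FTP_SRV, 50123, 40002)),
        "active_data": input_verdict(ct, pk(FTP_SRV, 20, 40001)),
        "unsolicited_ssh": input_verdict(ct, pk("203.0.113.9", 51000, 22)),
    }
```

In active mode the server connects back to the client, so without an expectation the packet is classified NEW and falls through to the DROP policy.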
