I have a Fedora fileserver that I use on my home network only, so I
want it to have no outside access and no inbound access except for my
home subnets (a router and an access point). Here's what I have built
so far, but it is not blocking pings to the outside world:
[root@fedora ~]# iptables -L -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target  prot opt in    out  source       destination
    0     0 ACCEPT  all  --  any   any  192.168.2.0  192.168.2.0
    0     0 ACCEPT  all  --  any   any  192.168.1.0  192.168.1.0
   43  3049 ACCEPT  all  --  eth0  any  anywhere     anywhere
    0     0 REJECT  all  --  any   any  anywhere     anywhere     reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target  prot opt in    out  source       destination

Chain OUTPUT (policy ACCEPT 24 packets, 3312 bytes)
 pkts bytes target  prot opt in    out  source       destination
    0     0 ACCEPT  all  --  any   any  192.168.1.0  192.168.1.0
    0     0 ACCEPT  all  --  any   any  192.168.2.0  192.168.2.0

My problem occurs when I delete INPUT 3 (the one with all the traffic)
or add OUTPUT 3 like this:
iptables -I OUTPUT 3 -d 0.0.0.0/0 -j DROP
Lucky for me, I figured out that I could set up a crontab to stop
iptables every 10 minutes so that I could get back in. Any
suggestions?
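
Added example, not part of the original post: in `iptables -L` output a bare 192.168.2.0 is a single host rather than a subnet, so the ACCEPT rules shown never match (their counters are 0) and inserting the DROP cuts off the login session as well. The sketch below generates a default-deny ruleset for the two subnets and applies it with an automatic rollback. The /24 prefix length and the function names lan_only_ruleset and apply_with_rollback are assumptions.

```shell
#!/bin/bash
# Added example, not from the original post. Assumes the two home subnets are
# 192.168.1.0/24 and 192.168.2.0/24 (the post does not give the prefix length).

# Print an iptables-restore ruleset that allows traffic only to and from the
# given networks. A bare address is refused: without a /prefix iptables
# matches the single host 192.168.2.0, not the subnet, so the rule never fires.
lan_only_ruleset() {
    [ "$#" -gt 0 ] || { echo "usage: lan_only_ruleset CIDR..." >&2; return 2; }
    for net in "$@"; do
        case "$net" in
            */[1-9]|*/[12][0-9]|*/3[0-2]) ;;
            *) echo "refusing '$net': need a /prefix of 1-32" >&2; return 1 ;;
        esac
    done
    # Default-deny every chain, then open loopback and the listed networks.
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' \
        ':OUTPUT DROP [0:0]' '-A INPUT -i lo -j ACCEPT' '-A OUTPUT -o lo -j ACCEPT'
    for net in "$@"; do
        printf '%s\n' "-A INPUT -s $net -j ACCEPT" "-A OUTPUT -d $net -j ACCEPT"
    done
    # Explicit final rejects give local programs an immediate error.
    printf '%s\n' '-A INPUT -j REJECT --reject-with icmp-host-prohibited' \
        '-A OUTPUT -j REJECT --reject-with icmp-host-prohibited' 'COMMIT'
}

# Apply the ruleset, then put the old rules back unless the operator confirms
# within 30 seconds, so a mistake cannot lock out a remote session.
apply_with_rollback() {
    rules=$(lan_only_ruleset "$@") || return 1
    backup=$(mktemp) || return 1
    iptables-save > "$backup" || return 1
    printf '%s\n' "$rules" | iptables-restore --test || return 1
    printf '%s\n' "$rules" | iptables-restore || return 1
    printf 'Rules applied. Type "yes" within 30 s to keep them: '
    if read -r -t 30 answer && [ "$answer" = yes ]; then
        rm -f "$backup"
    else
        iptables-restore < "$backup" && echo 'Previous rules restored.'
    fi
}

# As root: apply_with_rollback 192.168.1.0/24 192.168.2.0/24
```

The generated rules replace the whole filter table and are not persistent across reboots until saved by whatever mechanism the system uses for that.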