I'm not an iptables expert, but I am in network security. Seems odd to me
that inbound rules 1 and 2 have the same source and destination in each
rule. The destination should always be your file server, since it sounds
like this is not acting as a router.

Jeremiah E. Bess
Network Ninja, Penguin Geek, Father of four


On Fri, Jul 1, 2011 at 21:47, linuxuser <[email protected]> wrote:

> I have a Fedora fileserver that I use on my home network only, so I
> want it to have no outside access and no inbound access except for my
> home subnets (a router and an access point).  Here's what I have built
> so far, but it is not blocking pings to the outside world:
>
> [root@fedora ~]# iptables -L -v
> Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0 ACCEPT     all  --  any    any     192.168.2.0          192.168.2.0
>     0     0 ACCEPT     all  --  any    any     192.168.1.0          192.168.1.0
>    43  3049 ACCEPT     all  --  eth0   any     anywhere             anywhere
>     0     0 REJECT     all  --  any    any     anywhere             anywhere            reject-with icmp-host-prohibited
>
> Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>
> Chain OUTPUT (policy ACCEPT 24 packets, 3312 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0 ACCEPT     all  --  any    any     192.168.1.0          192.168.1.0
>     0     0 ACCEPT     all  --  any    any     192.168.2.0          192.168.2.0
>
> My problem occurs when I delete INPUT 3 (the one with all the traffic)
> or add OUTPUT 3 like this:
> iptables -I OUTPUT 3 -d 0.0.0.0/0 -j DROP
>
> Lucky for me, I figured out that I could set up a crontab to stop
> iptables every 10 minutes so that I could get back in.  Any
> suggestions?
>
> --
> You received this message because you are subscribed to the Linux Users
> Group.
> To post a message, send email to [email protected]
> To unsubscribe, send email to [email protected]
> For more options, visit our group at
> http://groups.google.com/group/linuxusersgroup
> Please remember to abide by our list rules (http://tinyurl.com/LUG-Rules or
> http://cdn.fsdev.net/List-Rules.pdf)
>

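An added example, not code from either poster: a ruleset that does what the original message asks for (LAN-only in and out, nothing to the outside world), written in iptables-restore format so it is loaded atomically, plus a timed rollback in place of a cron job that stops iptables every ten minutes. It assumes the LAN interface is eth0 and that the two home subnets are 192.168.1.0/24 and 192.168.2.0/24; both the interface name and the masks are assumptions. The listing in the quoted message shows the subnets with no mask, which iptables treats as a single host (/32), which is consistent with those rules counting zero packets while the eth0 any/any rule carried all the traffic, and with everything being cut off once that rule is deleted or an OUTPUT DROP is added. The apply_with_rollback function needs root and is not exercised here.

```shell
#!/bin/sh
# Added example for the thread above; not code from either poster.
# Assumptions: the LAN interface is eth0 and the two home subnets are /24s.
# "192.168.1.0" with no mask is a /32 (one host), so a rule written that
# way never matches LAN traffic; the explicit /24 below is the point.

LAN_IF="eth0"                              # assumed interface name
LAN_NETS="192.168.1.0/24 192.168.2.0/24"   # assumed subnet masks

# Emit a complete filter table in iptables-restore format on stdout.
# Default policy DROP on every chain; loopback and reply traffic allowed;
# new connections only to and from the LAN subnets on the LAN interface.
# With OUTPUT policy DROP the box cannot ping, resolve or update outside,
# which is what the original message asks for.
gen_rules() {
    printf '%s\n' '*filter'
    printf '%s\n' ':INPUT DROP [0:0]'
    printf '%s\n' ':FORWARD DROP [0:0]'
    printf '%s\n' ':OUTPUT DROP [0:0]'
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A OUTPUT -o lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    printf '%s\n' '-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for net in $LAN_NETS; do
        printf '%s\n' "-A INPUT -i $LAN_IF -s $net -m conntrack --ctstate NEW -j ACCEPT"
        printf '%s\n' "-A OUTPUT -o $LAN_IF -d $net -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Keep the icmp-host-prohibited reject the posted ruleset already used,
    # so blocked LAN hosts get an answer instead of a silent timeout.
    printf '%s\n' '-A INPUT -j REJECT --reject-with icmp-host-prohibited'
    printf '%s\n' 'COMMIT'
}

# Sanity check: every LAN rule must carry an explicit mask.
# Prints the number of -s/-d rules that reference a /24.
count_masked_rules() {
    gen_rules | grep -c -- '-[sd] 192\.168\.[0-9]*\.0/24'
}

# Apply a rule file, but schedule a restore of the current rules after
# $2 seconds (default 300) in case the new rules lock you out.
# Cancel the timer with: kill <pid printed>. Needs root; not run here.
apply_with_rollback() {
    rules="$1"
    delay="${2:-300}"
    backup=$(mktemp) || return 1
    iptables-save > "$backup" || return 1
    ( sleep "$delay" && iptables-restore < "$backup" ) &
    echo "$!"                          # PID of the rollback timer
    iptables-restore < "$rules"
}

# Usage (as root):
#   gen_rules > /tmp/lan-only.rules
#   apply_with_rollback /tmp/lan-only.rules 300     # prints the timer PID
#   ... confirm you can still reach the box from the LAN, then:
#   kill <pid> ; cp /tmp/lan-only.rules /etc/sysconfig/iptables
```

Run gen_rules without root to review the output; load it with iptables-restore only through apply_with_rollback until you have confirmed from another LAN host that SSH and the file shares still answer, then kill the timer and save the file.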