Hi, I recently started looking into iptables and I've built some sets of rules for various applications already. I also tried several tools to create these rules automatically, but since I was new to the subject I didn't really know what to do with them, so I eventually did everything by hand ;-)
Anyway, I'm starting to get a feel for it now and I'm wondering if my feelings are correct... (I'm not interested in NAT right now, so I haven't formed any ideas about that.)

There seem to be three kinds of firewall rules/principles:

- stuff for allowing services to/from machines behind the firewall (FORWARD)
- stuff for allowing services on a machine (INPUT/OUTPUT)
- stuff for allowing services from a client on a machine (OUTPUT/INPUT)

And there are rules for blocking specific hosts/subnets in either FORWARD or INPUT.

Currently I'm still debugging my rule-sets and optimising them, but there's something nagging in the back of my head that a lot of this is actually stuff that should be very generic in nature. So I'm wondering if there are lists of rules that are publicly available?

Then there's also the question of how the rules should be hooked into the main chains... At the moment I'm generally using a filter on a specific port or set of ports and redirecting to a service chain where the actual ACCEPT rule is for specific cases. Is this the recommended way, or are there better ways to do it?

e.g. (outgoing ssh):

    INPUT:
        -p tcp --dport 22 -j ssh_c
        -p tcp --sport 22 -j ssh_c
    OUTPUT:
        -p tcp --dport 22 -j ssh_c
        -p tcp --sport 22 -j ssh_c
    ssh_c:
        -s $MY_IP     -m state --state NEW,ESTABLISHED -j ACCEPT
        -s $FRIEND_IP -m state --state NEW             -j ACCEPT
        -s ! $MY_IP   -m state --state ESTABLISHED     -j ACCEPT
        -j DROP

I'm wondering how more experienced people do these kinds of things and how they are best generalised into standard scripts etc...

TIA
Simon
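The per-service-chain layout asked about above, written out as an added example (this is not the poster's script and not any project's code). It generates a ruleset in iptables-restore(8) format rather than calling iptables directly, so it can be reviewed and syntax-checked without root. The main difference from the posted ssh_c chain is that ESTABLISHED,RELATED traffic is accepted once at the top of INPUT and OUTPUT, so the per-service chains only ever see the first packet of a connection (state NEW) and need no --sport rules and no ESTABLISHED clauses; the builtin chains also get a DROP policy so an unmatched packet is dropped even if a service chain forgets its final rule. The addresses are constructed from documentation ranges and the chain names ssh_in/ssh_out are this example's own; -m conntrack --ctstate is the current spelling of the older -m state --state.

```shell
#!/bin/sh
# Added example, not the original poster's code: emit an iptables filter table
# with one user chain per service direction, in iptables-restore(8) format.
# MY_IP / FRIEND_IP are assumptions (RFC 5737 documentation addresses) and can
# be overridden from the environment.
MY_IP=${MY_IP:-192.0.2.10}            # this host's own address (constructed)
FRIEND_IP=${FRIEND_IP:-198.51.100.7}  # a trusted remote host (constructed)

# Print the whole ruleset.  Connection-tracking decisions are made once in the
# builtin chains; only NEW connections are dispatched to the service chains,
# which therefore decide on the source address alone.
gen_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:ssh_in - [0:0]
:ssh_out - [0:0]
# loopback, then replies to connections we already know about, accepted once
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# hook: only the first packet of a new ssh connection reaches a service chain
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ssh_in
-A OUTPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ssh_out
# inbound ssh: only the friend may open a session
-A ssh_in -s $FRIEND_IP -j ACCEPT
-A ssh_in -j DROP
# outbound ssh: only from our own address (the default policy would drop anyway)
-A ssh_out -s $MY_IP -j ACCEPT
-A ssh_out -j DROP
COMMIT
EOF
}

# List the rules appended to one chain, for reviewing the generated set.
chain_rules() {
    gen_rules | grep -e "^-A $1 "
}

# Running this file prints the ruleset; load it as root with
#   ./rules.sh | iptables-restore
# or check the syntax first with
#   ./rules.sh | iptables-restore --test
gen_rules
```

Adding another service is a matter of declaring two more user chains, one dispatch rule per builtin chain on the service's port, and the per-source ACCEPT rules inside the chain; nothing in the builtin chains has to change beyond the single dispatch line.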
