Try checking out ARNOS firewall or Smoothwall. They are really strong iptables firewalls which are easy to install and configure.

On Fri, 14 Jan 2005 16:55:29 +0800, Zak B. Elep <[EMAIL PROTECTED]> wrote:
> jepoy <[EMAIL PROTECTED]> writes:
>
> > Hi;
> > I've got my DNS working, I'm now in the process of protecting it. Is my
> > iptables correct?
> > I just want only port 53 to be open and close all ports.
> >
> > *filter
> >
> > # rules for our firewall
> > -A INPUT -i lo -p all -j ACCEPT
> > -A OUTPUT -o lo -p all -j ACCEPT
> > -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
> > -A INPUT -p tcp --tcp-option ! 2 -j REJECT --reject-with tcp-reset
>
> A DROP would be preferred in some environments, as REJECTs often betray your
> network.
>
> > # open ports for dns service
> > -A INPUT -p tcp -i eth0 --dport 53 -j ACCEPT
> > -A INPUT -p udp -i eth0 --dport 53 -j ACCEPT
> >
> > # drop all other inbound connections
> > -P INPUT DROP
> > COMMIT
>
> A DROP outbound policy is also helpful, as you ought to know which services,
> ports and programs you want (and trust) enough to connect to the
> internet. This is what I do in my homebox, setting INPUT, FORWARD and OUTPUT
> to DROP and explicitly specifying which ports or protocols to ACCEPT or
> DROP. LOGging is also very helpful, as it enables you to determine blocked
> connections.
>
> --
> ZAK B. ELEP <[EMAIL PROTECTED]> -- Registered Linux User #327585
> 1024D/FA53851D 1486 7957 454D E529 E4F1 F75E 5787 B1FD FA53 851D
> -- Running Debian Gnus/Emacs testing/unstable. GPG signed mail preferred.
>
> --
> Philippine Linux Users' Group (PLUG) Mailing List
> [email protected] (#PLUG @ irc.free.net.ph)
> Official Website: http://plug.linux.org.ph
> Searchable Archives: http://marc.free.net.ph
> To leave, go to http://lists.q-linux.com/mailman/listinfo/plug
> Are you a Linux newbie? To join the newbie list, go to
> http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie

--
Deo Dax Sillero - Cordova (CCNA)
Systems Administrator / Programmer
Callbox Customer Contact Center
http://www.callboxinc.com
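
Added example, not part of the original thread: one way to combine the advice in the quoted reply (DROP policy on INPUT, FORWARD and OUTPUT, explicit ACCEPTs for port 53, LOG before the drop) into an iptables-restore ruleset. The function name dns_ruleset, the log prefixes, the limit rate and the outbound port 53 rules are assumptions, not something the posters wrote.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset for a DNS-only host.
# Usage: sh dns-ruleset.sh eth0 | iptables-restore --test   (parse only, no commit)
dns_ruleset() {
    iface=${1:-eth0}    # assumption: external interface, eth0 as in the thread
    # Refuse anything that is not a plain interface name, so the argument
    # cannot smuggle extra rule text into the generated ruleset.
    case $iface in
        *[!A-Za-z0-9._-]*) echo "bad interface name" >&2; return 1 ;;
    esac
    cat <<EOF
*filter
# Default-deny on every chain; only what is listed below gets through.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Loopback traffic in both directions.
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# Packets belonging to connections that were already allowed.
-A INPUT -i $iface -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o $iface -m state --state ESTABLISHED,RELATED -j ACCEPT
# New TCP connections must start with a SYN; silently DROP the rest.
-A INPUT -p tcp ! --syn -m state --state NEW -j DROP
# Inbound DNS queries (UDP, plus TCP for large answers and zone transfers).
-A INPUT -i $iface -p udp --dport 53 -m state --state NEW -j ACCEPT
-A INPUT -i $iface -p tcp --dport 53 -m state --state NEW -j ACCEPT
# Outbound DNS, assuming the server recurses or sends NOTIFY/transfers.
-A OUTPUT -o $iface -p udp --dport 53 -m state --state NEW -j ACCEPT
-A OUTPUT -o $iface -p tcp --dport 53 -m state --state NEW -j ACCEPT
# Rate-limited LOG of whatever is about to hit the DROP policy.
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "IN-DROP: "
-A OUTPUT -m limit --limit 5/min -j LOG --log-prefix "OUT-DROP: "
COMMIT
EOF
}

dns_ruleset "${1:-eth0}"
```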
