So while I was home a few weekends ago, I discovered that someone might
have done some somewhat shady things on my parents' file server. (I was
a complete id10t for allowing ssh on port 22 with a weak password). I
cleaned up as much as I could find, but as an additional measure, I want to
block all traffic from the server leaving the network except to a few
sites, like security.debian.org. I played with iptables on the router
(Linksys WRT54GL running OpenWRT) and am having a hard time getting
iptables to work the way I am expecting. Here is what I run.

    iptables -A FORWARD -s 192.168.1.2 -d 212.211.132.32 -j ACCEPT
    <repeated a few times of ip addresses to white list>
    iptables -A FORWARD -s 192.168.1.2 -d 0.0.0.0/0 -j DROP

After running these, the file server can still connect to other
off-network IP addresses as if nothing happened. Anyone know what I am
doing wrong with the iptables configuration? Thanks in advance for any help.
Mike
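
One way to build the same allow-list so that it is evaluated before any rules already in FORWARD, as an added example that is not part of the original post. iptables stops at the first matching rule and `-A` appends to the end of the chain; the assumption here is that the router's stock FORWARD chain already holds ACCEPT rules that match the server's traffic first. `build_rules` is a hypothetical helper, and the addresses are the ones quoted in the post.

```shell
#!/bin/sh
# Added example: print iptables commands that place an egress allow-list for
# one host at the TOP of FORWARD (-I with an explicit position), instead of
# appending with -A behind rules that may already accept the traffic.
# Assumption: the existing FORWARD chain has earlier ACCEPT rules.

HOST=192.168.1.2   # file server address, from the post

# Accept only digits, dots and an optional /prefix, because the generated
# lines are meant to be piped into a shell.
valid_addr() {
    case $1 in
        ''|*[!0-9./]*) return 1 ;;
    esac
    return 0
}

# build_rules HOST DST...  -> one iptables command per line, nothing executed.
build_rules() {
    host=$1; shift
    # Validate everything first so a bad entry never yields a partial rule set.
    for dst in "$host" "$@"; do
        if ! valid_addr "$dst"; then
            echo "invalid address: $dst" >&2
            return 1
        fi
    done
    pos=1
    for dst in "$@"; do
        echo "iptables -I FORWARD $pos -s $host -d $dst -j ACCEPT"
        pos=$((pos + 1))
    done
    # Catch-all DROP sits directly after the last allow rule, still ahead of
    # whatever the chain contained before.
    echo "iptables -I FORWARD $pos -s $host -j DROP"
}

# Review the output, then apply on the router with:  build_rules ... | sh
build_rules "$HOST" 212.211.132.32
```

Before and after applying, `iptables -L FORWARD -n -v --line-numbers` lists the chain in evaluation order with per-rule packet counters, which shows which rule the server's traffic is actually hitting.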