Hiya guys and gals,
I have been having a problem with my firewall recently. I tried to set up
a state of protection, and after reading the docs chose a default policy
of DENY on all three main chains INPUT, OUTPUT and FORWARD. After much
playing around I kinda got the flat surfing the web, but I had to
specifically allow DNS (connections udp and tcp to port 53: see attached
config file). I know that the firewall should really NOT be running other
network services, but unfortunately a lack of boxes prevents this from
happening. Would it be an idea just to deny access to the services I am
running and have a default policy of ACCEPT? Are there any good doc sites
for firewalling, or should I just try with iptables and go with 2.4?
Any suggestions appreciated.
Monkey
Linux phoenix 2.2.13
4:04pm up 21:06, 3 users, load average: 0.00, 0.00, 0.00
-F input
-P input REJECT
-A input -i eth0 -s 192.168.0.0/24 -d 0.0.0.0/0 -j ACCEPT
-A input -i ppp0 -s 192.168.0.0/24 -d 0.0.0.0/0 -l -j DENY
-A input -i ppp0 -s 0.0.0.0/0 -p TCP -d 212.56.64.121/32 :80 -j ACCEPT
-A input -i ppp0 -s 0.0.0.0/0 -p UDP -d 212.56.64.121/32 :80 -j ACCEPT
-A input -i ppp0 -s 0.0.0.0/0 -p TCP -d 212.56.64.121/32 20:25 -j ACCEPT
-A input -i ppp0 -s 0.0.0.0/0 -p UDP -d 212.56.64.121/32 20:25 -j ACCEPT
-A input -i ppp0 -s 0.0.0.0/0 -p TCP -d 212.56.64.121/32 :194 -j ACCEPT
-A input -i ppp0 -s 0.0.0.0/0 -p UDP -d 212.56.64.121/32 :194 -j ACCEPT
-A input -i ppp0 -s 0.0.0.0/0 -p TCP -d 212.56.64.121/32 :53 -j ACCEPT
-A input -i ppp0 -s 0.0.0.0/0 -p UDP -d 212.56.64.121/32 :53 -j ACCEPT
-A input -i lo -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT
-A input -i ppp0 -s 0.0.0.0/0 -p TCP -d 212.56.64.121/32 -y -l -j DENY
-A input -i ppp0 -s 0.0.0.0/0 -d 212.56.64.121/32 -j ACCEPT
-F forward
-P forward DENY
-A forward -i ppp0 -s 192.168.0.0/24 -d 0.0.0.0/0 -j MASQ
-A forward -s 0.0.0.0/0 -d 0.0.0.0/0 -l -j REJECT
-F output
-P output REJECT
-A output -i eth0 -s 0.0.0.0/0 -d 192.168.0.0/24 -j ACCEPT
-A output -i ppp0 -s 0.0.0.0/0 -d 192.168.0.0/24 -l -j REJECT
-A output -i ppp0 -s 192.168.0.0/24 -d 0.0.0.0/0 -l -j REJECT
-A output -i ppp0 -s 212.56.64.121/32 -d 0.0.0.0/0 -j ACCEPT
-A output -i lo -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT
-A output -p tcp -d 0.0.0.0/0 telnet -t 0x01 0x10
-A output -p tcp -d 0.0.0.0/0 ftp -t 0x01 0x10
-A output -p tcp -s 0.0.0.0/0 ftp-data -t 0x01 0x08
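An added example, not part of the original post: a small Python simulator that replays the posted input-chain rules against an inbound TCP SYN from the Internet, first match wins as in ipchains, and lists the privileged ports on which a brand-new connection is accepted. It assumes ipchains port-range syntax in which an omitted bound defaults to 0 or 65535, so a spec written as ":80" covers ports 0 through 80 rather than port 80 alone. The rules are a constructed copy of the post's TCP rules and 203.0.113.7 is a constructed Internet source address.

```python
import ipaddress

# Constructed copy of the poster's input-chain TCP rules, in the post's own syntax.
RULES_AS_POSTED = """
-A input -i eth0 -s 192.168.0.0/24 -d 0.0.0.0/0 -j ACCEPT
-A input -i ppp0 -s 192.168.0.0/24 -d 0.0.0.0/0 -l -j DENY
-A input -i ppp0 -s 0.0.0.0/0 -p TCP -d 212.56.64.121/32 :80 -j ACCEPT
-A input -i ppp0 -s 0.0.0.0/0 -p TCP -d 212.56.64.121/32 20:25 -j ACCEPT
-A input -i ppp0 -s 0.0.0.0/0 -p TCP -d 212.56.64.121/32 :194 -j ACCEPT
-A input -i ppp0 -s 0.0.0.0/0 -p TCP -d 212.56.64.121/32 :53 -j ACCEPT
-A input -i ppp0 -s 0.0.0.0/0 -p TCP -d 212.56.64.121/32 -y -l -j DENY
-A input -i ppp0 -s 0.0.0.0/0 -d 212.56.64.121/32 -j ACCEPT
"""

def parse_ports(spec):
    # ipchains port syntax is 'N' or 'low:high'; assumed: an omitted low bound
    # means 0 and an omitted high bound means 65535, so ':80' covers 0-80.
    if ":" not in spec:
        return int(spec), int(spec)
    low, high = spec.split(":", 1)
    return (int(low) if low else 0), (int(high) if high else 65535)
def parse_rule(line):
    # Keep only the fields that decide whether an inbound TCP SYN matches.
    t = line.split()
    r = {"iface": None, "proto": None, "src": "0.0.0.0/0", "dst": "0.0.0.0/0",
         "ports": (0, 65535), "target": None}
    for i, tok in enumerate(t):
        if tok == "-i": r["iface"] = t[i + 1]
        elif tok == "-p": r["proto"] = t[i + 1].lower()
        elif tok == "-s": r["src"] = t[i + 1]
        elif tok == "-j": r["target"] = t[i + 1]
        elif tok == "-d":
            r["dst"] = t[i + 1]
            if i + 2 < len(t) and not t[i + 2].startswith("-"):  # port spec after -d
                r["ports"] = parse_ports(t[i + 2])
    return r
def syn_verdict(rules, port, iface="ppp0", src="203.0.113.7", dst="212.56.64.121"):
    # First matching rule wins, as in ipchains. -y only restricts a rule to SYN
    # packets, which is exactly what is simulated here, so it needs no handling.
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if r["iface"] not in (None, iface) or r["proto"] not in (None, "tcp"):
            continue
        if s not in ipaddress.ip_network(r["src"]) or d not in ipaddress.ip_network(r["dst"]):
            continue
        if r["ports"][0] <= port <= r["ports"][1]:
            return r["target"]
    return "POLICY"  # fell through to the chain policy (REJECT in the post)
def exposed_ports(rules, max_port=1023):
    return [p for p in range(max_port + 1) if syn_verdict(rules, p) == "ACCEPT"]
RULESET = [parse_rule(l) for l in RULES_AS_POSTED.strip().splitlines()]
```

Under that assumption the ruleset admits fresh connections on every port from 0 to 194, not just the handful the rules were written to open; writing the port specs as `80`, `20:25`, `194` and `53` brings the accepted list down to those nine ports.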