In all this mess remember to accept packets to "lo" from your box as well as
possibly ICMP errors....

iptables=/sbin/iptables    # path assumed; adjust for your box

$iptables -A INPUT -i lo -j ACCEPT  # ESTABLISHED,RELATED will take care of the return packets

$iptables -A INPUT -p ICMP --icmp-type 0 -j ACCEPT
echo "Accepting ECHO REPLYS"

$iptables -A INPUT -p ICMP --icmp-type 3 -j ACCEPT
echo "Accepting DESTINATION UNREACHABLE"

$iptables -A INPUT -p ICMP --icmp-type 5 -j ACCEPT
echo "Accepting REDIRECTS"

#maybe
#$iptables -A INPUT -p ICMP --icmp-type 8 -j ACCEPT
#echo "Accepting ECHO"

$iptables -A INPUT -p ICMP --icmp-type 11 -j ACCEPT
echo "Accepting TIME EXCEEDED"



And, if you're doing this remotely, copy this to a file, make it executable and
set cron to run it every hour or so while you're working out the bugs ...so if
you do lock yourself out the system will open itself back up without you
having to go anywhere.

#!/bin/sh
#       Flush and Reset IPTABLES to default values

iptables=/sbin/iptables    # path assumed; adjust for your box

for f in filter nat mangle
do
        $iptables -t $f -F
        $iptables -t $f -X
done

#       Reset default policy
#       filter table

for r in INPUT FORWARD OUTPUT
do
        $iptables -t filter -P $r ACCEPT
done



.....my $0.02
-alex
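Added example, not code from alex's post: the loopback/ICMP accept rules and the hourly lockout-safety reset combined into one script with a dry-run mode, so the ruleset can be reviewed as text before it is applied as root. The `IPTABLES`, `DRY_RUN` variables, the function names and the file paths in the comments are assumptions for this example.

```shell
#!/bin/sh
# Added example (not from the post): loopback + ICMP accept rules and the
# flush-to-ACCEPT reset as shell functions. DRY_RUN=1 (the default here)
# prints the iptables commands instead of running them, so the rules can be
# reviewed before they are applied as root.
# Assumed: iptables on PATH (override with IPTABLES=/sbin/iptables).

IPTABLES="${IPTABLES:-iptables}"
DRY_RUN="${DRY_RUN:-1}"

# run: print the command in dry-run mode, otherwise execute it
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# icmp_accept TYPE: accept one ICMP type on INPUT
icmp_accept() {
    run "$IPTABLES" -A INPUT -p icmp --icmp-type "$1" -j ACCEPT
}

# base_rules: what the post says not to forget. Loopback first, then the
# state rule (it already matches ICMP errors tied to an existing connection
# as RELATED), then the ICMP types listed in the post: 0 echo-reply,
# 3 destination-unreachable, 5 redirect, 11 time-exceeded.
base_rules() {
    run "$IPTABLES" -A INPUT -i lo -j ACCEPT
    run "$IPTABLES" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    for t in 0 3 5 11; do
        icmp_accept "$t"
    done
}

# reset_rules: flush every chain in filter/nat/mangle, delete user chains
# and set the filter policies back to ACCEPT (the post's "open itself back
# up" safety net when you are testing over a remote connection).
reset_rules() {
    for f in filter nat mangle; do
        run "$IPTABLES" -t "$f" -F
        run "$IPTABLES" -t "$f" -X
    done
    for c in INPUT FORWARD OUTPUT; do
        run "$IPTABLES" -t filter -P "$c" ACCEPT
    done
}

# Usage (constructed paths):
#   sh fw.sh                    # print the base rules (dry run)
#   DRY_RUN=0 sh fw.sh          # apply them
#   DRY_RUN=0 sh fw.sh reset    # flush everything back to ACCEPT
# Hourly safety-net crontab line while working out the bugs remotely:
#   0 * * * * DRY_RUN=0 /usr/local/sbin/fw.sh reset
case "${1:-rules}" in
    reset) reset_rules ;;
    *)     base_rules ;;
esac
```

Running it with no arguments prints the six base rules; the `reset` argument prints (or, with `DRY_RUN=0`, runs) the nine flush/policy commands. Once the ruleset is stable, remove the cron line, otherwise the box reopens every hour.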

