- Original Message -
From: gabriel [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, September 01, 2003 2:57 PM
Subject: Re: [gentoo-user] iptables help
NO! that will pretty much negate the use of a firewall altogether!
where are you dropping/rejecting packets? basically your
- Original Message -
From: gabriel [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, September 01, 2003 2:57 PM
Subject: Re: [gentoo-user] iptables help
NO! that will pretty much negate the use of a firewall altogether!
where are you dropping/rejecting packets? basically your
Try FireHOL very nice tool. Generate stateful iptables packet filtering
firewalls very very easy
http://firehol.sourceforge.net/
-
Gregory
-Original Message-
From: Andrew Gaffney [mailto:[EMAIL PROTECTED]
Sent: Friday, August 29, 2003 6:48 PM
To: Gentoo User
Subject:
should this not be the second line?
first the
echo 1 > /proc/sys/net/ipv4/ip_forward
then all the drop statements
and then the allow rules ?
Patrick
On Mon, 01 Sep 2003 12:23:38 -0500
Andrew Gaffney [EMAIL PROTECTED] wrote:
iptables -P INPUT DROP
--
Do you know what a Vulcan mind
Patrick Marquetecken wrote:
should this not be the second line?
first the
echo 1 > /proc/sys/net/ipv4/ip_forward
then all the drop statements
and then the allow rules ?
I will probably move the DROP policy line back towards the top. I did it
this way so I could be sure I didn't lock
On September 1, 2003 01:23 pm, Andrew Gaffney wrote:
Based on replies on this list and another, I have come up with the
following iptables rules that work for me:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -P INPUT ACCEPT
iptables -F INPUT
iptables -P OUTPUT ACCEPT
gabriel wrote:
On September 1, 2003 01:23 pm, Andrew Gaffney wrote:
Based on replies on this list and another, I have come up with the
following iptables rules that work for me:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -P INPUT ACCEPT
iptables -F INPUT
iptables -P OUTPUT
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Your best bet for rules for this would be rules like:
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 21 --tcp-flags SYN,RST,ACK SYN -m
limit
On Fri, 29 Aug 2003 10:47:59 -0500
Andrew Gaffney [EMAIL PROTECTED] wrote:
I'm trying to create a firewall using iptables. I want it to drop
incoming packets except to ports 22, 25, and 80 unless the source
address is 192.168.254.x. I'm asking before I do this because I'm
accessing the
On Fri, 29 Aug 2003 20:52:42 +0200
Peter Eis [EMAIL PROTECTED] wrote:
Why hassle with iptables?
I'd rather recommend using shorewall (emerge shorewall). It's much
easier to configure and has a lot of features you'll probably want.
Peter
Andrew Gaffney wrote:
I'm trying to create a
On Friday 29 August 2003 20:12, Andrew Gaffney wrote:
Rudmer van Dijk wrote:
On Friday 29 August 2003 19:21, Andrew Gaffney wrote:
Andrew Gaffney wrote:
iptables -A INPUT -s 192.168.254.0/24 -p all -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 25
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I'd suggest the second option, but be sure to change the policy to DROP
_after_ you've set up rules to allow you access.
- -Jason Martin
On Fri, 29 Aug 2003, Andrew Gaffney wrote:
I'm trying to create a firewall using iptables. I want it to drop
So I should do:
iptables -A INPUT -s 192.168.254.0/24 -p all -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -P INPUT DROP
The first line would accept anything from any IP in the
At 29 August, 2003 Andrew Gaffney wrote:
I'm trying to create a firewall using iptables. I want it to drop
incoming packets except to ports 22, 25, and 80 unless the source
address is 192.168.254.x. I'm asking before I do this because I'm
accessing the computer remotely right now and I
- Original Message -
From: Andrew Gaffney [EMAIL PROTECTED]
To: Gentoo User [EMAIL PROTECTED]
Sent: Friday, August 29, 2003 12:47 PM
Subject: [gentoo-user] iptables help
I'm trying to create a firewall using iptables. I want it to drop
incoming packets except to ports 22, 25, and 80
Andrew Dacey wrote:
- Original Message -
From: Andrew Gaffney [EMAIL PROTECTED]
To: Gentoo User [EMAIL PROTECTED]
Sent: Friday, August 29, 2003 12:47 PM
Subject: [gentoo-user] iptables help
I'm trying to create a firewall using iptables. I want it to drop
incoming packets except to
Andrew Gaffney wrote:
Andrew Dacey wrote:
- Original Message - From: Andrew Gaffney
[EMAIL PROTECTED]
To: Gentoo User [EMAIL PROTECTED]
Sent: Friday, August 29, 2003 12:47 PM
Subject: [gentoo-user] iptables help
I'm trying to create a firewall using iptables. I want it to drop
On Friday 29 August 2003 19:21, Andrew Gaffney wrote:
Andrew Gaffney wrote:
iptables -A INPUT -s 192.168.254.0/24 -p all -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT
Rudmer van Dijk wrote:
On Friday 29 August 2003 19:21, Andrew Gaffney wrote:
Andrew Gaffney wrote:
iptables -A INPUT -s 192.168.254.0/24 -p all -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
Why hassle with iptables?
I'd rather recommend using shorewall (emerge shorewall). It's much
easier to configure and has a lot of features you'll probably want.
Peter
Andrew Gaffney wrote:
I'm trying to create a firewall using iptables. I want it to drop
incoming packets except to ports 22, 25,
On Fri, Aug 29, 2003 at 08:52:42PM +0200, Peter Eis wrote:
Why hassle with iptables?
I'd rather recommend using shorewall (emerge shorewall). It's much
easier to configure and has a lot of features you'll probably want.
I'll second that. Shorewall works at a higher level of abstraction -
21 matches