Try FireHOL, a very nice tool. It generates stateful iptables packet filtering
firewalls very, very easily.
http://firehol.sourceforge.net/
-
Gregory
-Original Message-
From: Andrew Gaffney [mailto:[EMAIL PROTECTED]
Sent: Friday, August 29, 2003 6:48 PM
To: Gentoo User
Subject:
- Original Message -
From: "gabriel" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, September 01, 2003 2:57 PM
Subject: Re: [gentoo-user] iptables help
> NO! that will pretty much negate the use of a firewall altogether! where
> are y
gabriel wrote:
On September 1, 2003 01:23 pm, Andrew Gaffney wrote:
Based on replies on this list and another, I have come up with the
following iptables rules that work for me:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -P INPUT ACCEPT
iptables -F INPUT
iptables -P OUTPUT ACC
On September 1, 2003 01:23 pm, Andrew Gaffney wrote:
> Based on replies on this list and another, I have come up with the
> following iptables rules that work for me:
>
> echo 1 > /proc/sys/net/ipv4/ip_forward
> iptables -P INPUT ACCEPT
> iptables -F INPUT
> iptables -P OUTPUT A
Patrick Marquetecken wrote:
should this not be the second line?
first the
echo 1 > /proc/sys/net/ipv4/ip_forward
then all the drop statements
and then the allow rules ?
I will probably move the DROP policy line back towards the top. I did it
this way so I could be sure I didn't lock mysel
should this not be the second line?
first the
echo 1 > /proc/sys/net/ipv4/ip_forward
then all the drop statements
and then the allow rules ?
Patrick
On Mon, 01 Sep 2003 12:23:38 -0500
Andrew Gaffney <[EMAIL PROTECTED]> wrote:
> iptables -P INPUT DROP
--
"Do you know what a Vulcan min
Based on replies on this list and another, I have come up with the
following iptables rules that work for me:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -P INPUT ACCEPT
iptables -F INPUT
iptables -P OUTPUT ACCEPT
iptables -F OUTPUT
iptables -P FORWARD ACCEPT
iptab
On Fri, 29 Aug 2003 20:52:42 +0200
Peter Eis <[EMAIL PROTECTED]> wrote:
> Why hassle with iptables?
> I'd rather recommend using shorewall (emerge shorewall). It's much
> easier to configure and has a lot of features you'll probably want.
>
> Peter
>
> Andrew Gaffney wrote:
>
> > I'm trying to c
On Fri, 29 Aug 2003 10:47:59 -0500
Andrew Gaffney <[EMAIL PROTECTED]> wrote:
> I'm trying to create a firewall using iptables. I want it to drop
> incoming packets except to ports 22, 25, and 80 unless the source
> address is 192.168.254.x. I'm asking before I do this because I'm
> accessing th
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Your best bet for rules for this would be rules like:
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 21 --tcp-flags SYN,RST,ACK SYN -m
limit
On Friday 29 August 2003 20:12, Andrew Gaffney wrote:
> Rudmer van Dijk wrote:
> > On Friday 29 August 2003 19:21, Andrew Gaffney wrote:
> >>Andrew Gaffney wrote:
> >>>iptables -A INPUT -s 192.168.254.0/24 -p all -j ACCEPT
> >>>iptables -A INPUT -p tcp --dport 22 -j ACCEPT
> >>>iptables -A INPUT -p
On Fri, Aug 29, 2003 at 08:52:42PM +0200, Peter Eis wrote:
> Why hassle with iptables?
> I'd rather recommend using shorewall (emerge shorewall). It's much
> easier to configure and has a lot of features you'll probably want.
I'll second that. Shorewall works at a higher level of abstraction -
lett
Why hassle with iptables?
I'd rather recommend using shorewall (emerge shorewall). It's much
easier to configure and has a lot of features you'll probably want.
Peter
Andrew Gaffney wrote:
I'm trying to create a firewall using iptables. I want it to drop
incoming packets except to ports 22, 25,
On Fri, 2003-08-29 at 11:47, Andrew Gaffney wrote:
> I'm trying to create a firewall using iptables. I want it to drop
> incoming packets except to ports 22, 25, and 80 unless the source
> address is 192.168.254.x. I'm asking before I do this because I'm
> accessing the computer remotely right n
Rudmer van Dijk wrote:
On Friday 29 August 2003 19:21, Andrew Gaffney wrote:
Andrew Gaffney wrote:
iptables -A INPUT -s 192.168.254.0/24 -p all -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptab
On Friday 29 August 2003 19:21, Andrew Gaffney wrote:
> Andrew Gaffney wrote:
> > iptables -A INPUT -s 192.168.254.0/24 -p all -j ACCEPT
> > iptables -A INPUT -p tcp --dport 22 -j ACCEPT
> > iptables -A INPUT -p tcp --dport 25 -j ACCEPT
> > iptables -A INPUT -p tcp --dport 80 -j ACCEPT
> > iptables
On Friday 29 August 2003 18:41, Andrew Gaffney wrote:
> Andrew Dacey wrote:
> > - Original Message -
> >>I'm trying to create a firewall using iptables. I want it to drop
> >>incoming packets except to ports 22, 25, and 80 unless the source
> >>address is 192.168.254.x. I'm asking before I
Andrew Gaffney wrote:
Andrew Dacey wrote:
- Original Message - From: "Andrew Gaffney"
<[EMAIL PROTECTED]>
To: "Gentoo User" <[EMAIL PROTECTED]>
Sent: Friday, August 29, 2003 12:47 PM
Subject: [gentoo-user] iptables help
I'm trying to create a firewall using iptables. I want it to drop
Andrew Dacey wrote:
- Original Message -
From: "Andrew Gaffney" <[EMAIL PROTECTED]>
To: "Gentoo User" <[EMAIL PROTECTED]>
Sent: Friday, August 29, 2003 12:47 PM
Subject: [gentoo-user] iptables help
I'm trying to create a firewall using iptables. I want it to drop
incoming packets except
- Original Message -
From: "Andrew Gaffney" <[EMAIL PROTECTED]>
To: "Gentoo User" <[EMAIL PROTECTED]>
Sent: Friday, August 29, 2003 12:47 PM
Subject: [gentoo-user] iptables help
> I'm trying to create a firewall using iptables. I want it to drop
> incoming packets except to ports 22, 25,
At 29 August, 2003 Andrew Gaffney wrote:
> I'm trying to create a firewall using iptables. I want it to drop
> incoming packets except to ports 22, 25, and 80 unless the source
> address is 192.168.254.x. I'm asking before I do this because I'm
> accessing the computer remotely right now and I d
So I should do:
iptables -A INPUT -s 192.168.254.0/24 -p all -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -P INPUT DROP
The first line would accept anything from any IP in the 192.168.25
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I'd suggest the second option, but be sure to change the policy to DROP
_after_ you've set up rules to allow you access.
- -Jason Martin
On Fri, 29 Aug 2003, Andrew Gaffney wrote:
> I'm trying to create a firewall using iptables. I want it to drop