LinuxQuestions.org

-   -   iptables (http://www.linuxquestions.org/questions/linux-networking-3/iptables-942684/)

sourav garai 05-01-2012 03:30 AM

iptables
 
What is the difference between the two commands?
I want to block all data (TCP) coming from the internet (www) to my network, but allow data going from my network to the internet.


iptables -A FORWARD -m tcp -p tcp -s 0/0 --sport 80 -d 172.16.1.0/24 --syn -j DROP


iptables -A FORWARD -m tcp -p tcp -d 172.16.1.0/24 --dport 80 -s 0/0 -j ACCEPT

fukawi1 05-01-2012 05:59 AM

Personally I find it easier (where applicable) to filter routed traffic by interfaces rather than IPs/subnets. I find it centres how I think about how my rules work.
An example:
Code:

-A FORWARD -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p tcp -i $Wan_If -o $Lan_If --dport 80 -j DROP

This will drop packets coming from the internet to the local network.
I am guessing that you aren't doing egress filtering (i.e. filtering outgoing traffic), so the following rule probably isn't necessary. But this will allow locally generated traffic out to the internet:
Code:

-A FORWARD -p tcp -i $Lan_If -o $Wan_If --dport 80 -j ACCEPT
Also, this link is well worth reading a couple of times, and so is the iptables manpage.
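Added example, not code from the thread or from either poster: a complete stateful FORWARD policy of the kind fukawi1 sketches, written as a POSIX shell script that emits rules in iptables-restore syntax. It uses the `conntrack` match (the current spelling of `-m state --state`) and the chain's default policy instead of per-port DROP rules: replies to LAN-initiated connections are accepted by the first rule, new LAN-to-internet connections by the second, and every new connection arriving from the internet has no ACCEPT rule and is dropped by the policy, which is what the original question asks for. For contrast, of the two commands in the first post, the first drops only packets that have SYN set and ACK/RST/FIN clear (`--syn`) and carry source port 80, and the second accepts any TCP packet addressed to port 80 on a LAN host; neither expresses which side opened the connection, and that is exactly what connection tracking records. The interface names `eth0`/`eth1` are assumptions; the LAN prefix is the one named in the question. Printing the rules needs no privileges; applying them needs root.

```sh
#!/bin/sh
# Added example, not code from the thread. Stateful FORWARD policy for a router
# with one internet-facing and one LAN interface.
# Assumptions: WAN is eth0, LAN is eth1, LAN prefix 172.16.1.0/24 (from the question).
set -eu

WAN_IF="${WAN_IF:-eth0}"                 # assumed internet-facing interface
LAN_IF="${LAN_IF:-eth1}"                 # assumed interface toward the LAN
LAN_NET="${LAN_NET:-172.16.1.0/24}"      # LAN prefix named in the question

# Emit the filter table in iptables-restore syntax. Generating the rules in one
# function lets them be reviewed or diffed without loading anything into the kernel.
build_rules() {
    cat <<EOF
*filter
:FORWARD DROP [0:0]
# 1. Packets belonging to (or related to) a connection that was already
#    accepted, in either direction: this is what lets replies back in.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# 2. New connections that originate inside the LAN and leave via the WAN.
#    Matching on -s as well means a LAN host cannot forward packets with a
#    forged, non-LAN source address.
-A FORWARD -i ${LAN_IF} -o ${WAN_IF} -s ${LAN_NET} -m conntrack --ctstate NEW -j ACCEPT
# 3. New connections arriving from the internet: log a rate-limited sample,
#    then fall through to the chain policy (DROP). No ACCEPT exists for them.
-A FORWARD -i ${WAN_IF} -o ${LAN_IF} -m conntrack --ctstate NEW -m limit --limit 5/min -j LOG --log-prefix "FWD-DROP: "
COMMIT
EOF
}

# Load the rules. -n (--noflush) keeps the INPUT/OUTPUT rules already present;
# without it iptables-restore flushes the whole filter table first. Re-running
# this appends a second copy of each rule, so run it once or flush FORWARD first.
apply_rules() {
    build_rules | iptables-restore -n
}

# Number of FORWARD rules that would be loaded (sanity check before applying).
rule_count() {
    build_rules | grep -c '^-A FORWARD'
}

case "${1:-print}" in
    apply) apply_rules ;;
    *)     build_rules ;;      # default: just print, safe to run unprivileged
esac
```

Run it with no arguments to review the generated ruleset, or pipe the output into `iptables-restore -n -t` to have the kernel-side parser check it without committing anything; `apply` loads it for real. Because the chain policy does the dropping, adding a second allowed service later means adding one ACCEPT line, not reasoning about the order of a list of DROPs.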

sourav garai 05-01-2012 12:46 PM

Thanks. The link has almost everything about firewall configuring. It's a great help.

