LinuxQuestions.org
01-28-2004, 02:20 AM   #1
Hegemon
Member
 
Registered: Jan 2002
Location: Australia
Distribution: Gentoo
Posts: 103
iptables rules


I've been using firestarter to manage my firewall for a while and decided that I should manually write my own rules so I know what's going on rather than trusting it to a GUI app.

This computer needs to host my webserver and ssh, act as a gateway to the computers on my network, and download stuff with mldonkey. eth0 is connected to my ADSL modem and eth1 (although it's not listed) is plugged into my hub.

Anyway, I thought I'd post them here to find out if I'm doing anything wrong, so tell me if there are any problems or improvements. I haven't actually tested it yet in case there are any major problems (I almost forgot to allow connections out).
Code:
#!/bin/sh

iptables --flush                                                    # Trash any current rules
iptables --table nat --flush                                        # "
iptables --delete-chain                                             # "
iptables --table nat --delete-chain                                 # "
iptables --policy INPUT DROP                                        # Close all ports
iptables --append INPUT --jump ACCEPT --in-interface lo             # Local processes talk to each other over loopback
iptables --append INPUT --jump ACCEPT --match state --state ESTABLISHED,RELATED  # Replies to connections this box opened; also carries the non-SYN packets of the --syn rules below
iptables --append OUTPUT --jump ACCEPT                              # Allow all outgoing connections
iptables --append FORWARD --jump ACCEPT --source 192.168.1.0/24     # Setup computer as a gateway
iptables --append FORWARD --jump ACCEPT --destination 192.168.1.0/24        # "
iptables --table nat --append POSTROUTING --out-interface eth0 --jump MASQUERADE    # Enable Masquerade
iptables --append INPUT --jump ACCEPT --source 192.168.1.0/24       # All traffic from inside accepted

# Allow the following ports
iptables --append INPUT --jump ACCEPT --source 0/0 --protocol tcp --dport 80            # Webserver
iptables --append INPUT --jump ACCEPT --source 0/0 --protocol tcp --dport 22            # SSH
iptables --append INPUT --jump ACCEPT --source 0/0 --protocol tcp --dport 1214          # mldonkey (fasttrack)
iptables --append INPUT --jump ACCEPT --source 0/0 --protocol tcp --dport 2859 --syn    # mldonkey (overnet transfer)
iptables --append INPUT --jump ACCEPT --source 0/0 --protocol udp --dport 2859          # mldonkey (overnet searches)
iptables --append INPUT --jump ACCEPT --source 0/0 --protocol tcp --dport 4662 --syn    # mldonkey (edonkey transfer)
iptables --append INPUT --jump ACCEPT --source 0/0 --protocol udp --dport 4666          # mldonkey (edonkey searches)

echo 1 > /proc/sys/net/ipv4/ip_forward

Last edited by Hegemon; 01-28-2004 at 02:31 AM.
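As an added example, not part of Hegemon's post: a POSIX sh generator that emits the same set of services as a stateful ruleset in iptables-restore format. It differs from the posted script in three places a reviewer would flag: the FORWARD chain defaults to DROP instead of relying on the kernel's ACCEPT policy, return traffic for connections the box (or an inside host) opened is admitted by connection tracking rather than being blocked by the INPUT DROP policy, and the blanket allow for 192.168.1.0/24 is tied to eth1 so a packet arriving on eth0 with a forged inside source address is not trusted. The function names `gen_rules` and `count_chain_rules` are hypothetical; eth0, eth1, the LAN prefix and the port list are taken from the post.

```shell
#!/bin/sh
# Added example (not Hegemon's script): emit a stateful gateway ruleset in
# iptables-restore format. Function names are hypothetical; eth0/eth1,
# 192.168.1.0/24 and the service ports are taken from the forum post.

gen_rules() {
    wan="${1:-eth0}"                          # interface to the ADSL modem
    lan="${2:-eth1}"                          # interface to the hub
    lan_net="${3:-192.168.1.0/24}"            # inside network
    tcp_ports="${4:-80 22 1214 2859 4662}"    # TCP services reachable from outside
    udp_ports="${5:-2859 4666}"               # UDP services reachable from outside

    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Masquerade only traffic that really originates inside and leaves via the modem
-A POSTROUTING -s $lan_net -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback and replies to our own connections must be allowed explicitly once
# the INPUT policy is DROP; without this the box itself cannot download anything
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
# Trust the inside network only when it arrives on the inside interface
-A INPUT -i $lan -s $lan_net -j ACCEPT
EOF
    # Published services: only new connections, and only on the outside interface
    for p in $tcp_ports; do
        echo "-A INPUT -i $wan -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    for p in $udp_ports; do
        echo "-A INPUT -i $wan -p udp --dport $p -j ACCEPT"
    done
    cat <<EOF
# Gateway: inside hosts may open connections outward; only replies come back in
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -s $lan_net -j ACCEPT
COMMIT
EOF
}

# Number of rules generated for a chain (a quick sanity check before loading).
count_chain_rules() {
    chain="$1"
    shift
    gen_rules "$@" | grep -c "^-A $chain "
}

# Stand-alone use: print the ruleset; as root, pipe it into iptables-restore.
gen_rules "$@"
```

To apply it, enable forwarding as in the original script (`echo 1 > /proc/sys/net/ipv4/ip_forward`) and run the script as root with its output piped into `iptables-restore`; newer iptables builds also accept `iptables-restore --test` to parse the ruleset without committing it. The `--syn` matches in the posted script only behave as intended once an ESTABLISHED,RELATED rule like the one above exists, because the packets after the handshake are no longer SYNs and would otherwise fall through to the DROP policy.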