LinuxQuestions.org

Thread: Help configuring iptables needed. (https://www.linuxquestions.org/questions/linux-newbie-8/help-configuring-iptables-needed-230804/)

Fenster 09-15-2004 03:03 AM

Help configuring iptables needed.
 
Over the past few days my system has come under several attacks, most recently last night, and besides that I'm generally paranoid about my security, so I'm trying to configure iptables to block more or less all traffic. I tried several of the graphical "firewall" programs floating around for Linux, but I realise that these are just GUI front-ends for iptables and from what I've seen, they aren't worth squat.

However, my problem with iptables is that those guides for it that I've found so far on the internet assume a level of expertise that I simply don't have, and skip what I'd consider the basics in favour of advanced scripting.

All I want to do is to set iptables to what I assume is a standard network setup, which I'd describe as follows: "block all internet traffic and stealth all ports except for specific services and applications that I choose to allow"

If anyone out there can point me the right way, I'd consider you a huge lifesaver. :)

ppuru 09-15-2004 03:55 AM

If you browse through the examples on LQ, you should find a lot of very simple Firewall scripts that you can use and modify. Let me find a few for you...

Fenster 09-15-2004 05:07 AM

Cheers!

I didn't get a chance to search this morning when I posted as I was on my way out the door to work.

ppuru 09-15-2004 05:16 AM

You may find some help here....
http://www.linuxquestions.org/questi...34#post1149834
let me know if you would like to customize it.

colabus 09-15-2004 05:23 AM

Here's a good place to start http://www.linuxguruz.com/iptables/howto/ (It's where I started)

Dummy-in-Linux 09-15-2004 09:51 AM

Hello Fenster,

I'm using Firestarter (http://firestarter.sourceforge.net/); it takes out all the difficult parts of the Firewall setup.

It also shows real time log and events for your settings.

With kind regards,

Richard

Fenster 09-15-2004 01:11 PM

Quote:

Originally posted by Dummy-in-Linux
Hello Fenster,

I'm using Firestarter (http://firestarter.sourceforge.net/); it takes out all the difficult parts of the Firewall setup.

It also shows real time log and events for your settings.

With kind regards,

Richard

I tried firestarter. It didn't really do anything other than sit there.

I was watching on tcpdump and Ethereal last night as someone scanned my ports and it didn't report a single thing. Stuff like that.

killer_bunny 09-15-2004 02:26 PM

#!/bin/sh
# ppp0 is the internet-facing interface in these rules; change it to match your own.

###############
#    INPUT    #
###############

# Dropping all new and invalid connections coming from outside and logging them
# Check out the log by running *dmesg* as root
/sbin/iptables -A INPUT -i ppp0 -m state --state NEW,INVALID -j LOG
/sbin/iptables -A INPUT -i ppp0 -m state --state NEW,INVALID -j DROP

# Drop all tcp connection requests coming from outside (syn packets)
/sbin/iptables -A INPUT -i ppp0 -p tcp --syn -j DROP

# Do not ping me you ******* :)...
/sbin/iptables -A INPUT -p icmp --icmp-type echo-request -j DROP

##################
#    FORWARD     #
##################

# Drop ALL on this chain
/sbin/iptables -P FORWARD DROP

#################
#    OUTPUT     #
#################

# Just in case... (no ping replies, pongs)
/sbin/iptables -A OUTPUT -p icmp --icmp-type echo-reply -j DROP


This is just a simple config...
It should be enough for you to be stealth from port scanners and script kiddies...
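A default-deny script that does what Fenster asked for in the first post (block everything inbound, keep ports silent, and open only the services you choose), added here as an example and not taken from any post in the thread. The interface name ppp0, the ports 22 and 80, and the /sbin/iptables path are placeholders to adjust for your own system.

```shell
#!/bin/sh
# Default-deny inbound firewall for a single host (added example, not from the thread).
# Assumptions: WAN_IF and ALLOW_TCP below are placeholders; set them for your own system.
WAN_IF="${WAN_IF:-ppp0}"          # internet-facing interface
ALLOW_TCP="${ALLOW_TCP:-22 80}"   # TCP services you deliberately expose (here: ssh, http)
IPT="${IPT:-/sbin/iptables}"

# Emit the rule set as text so it can be reviewed first; pipe it to sh (as root) to apply.
build_rules() {
    wan="$1"; ports="$2"
    echo "$IPT -F INPUT"
    echo "$IPT -P FORWARD DROP"                     # this host does not route for anyone
    echo "$IPT -P OUTPUT ACCEPT"
    echo "$IPT -A INPUT -i lo -j ACCEPT"            # local processes talking to localhost
    echo "$IPT -A INPUT -m state --state INVALID -j DROP"
    # Replies to connections this host opened, plus RELATED ICMP errors (keeps path-MTU
    # discovery working, which a blanket ICMP drop would break).
    echo "$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for p in $ports; do
        echo "$IPT -A INPUT -i $wan -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    # Everything else from the outside: log (rate-limited so a port scan cannot flood
    # the kernel log) and silently DROP; DROP rather than REJECT is what makes ports
    # look "stealthed" to a scanner.
    echo "$IPT -A INPUT -i $wan -m limit --limit 5/min -j LOG --log-prefix \"FW-DROP: \""
    echo "$IPT -A INPUT -i $wan -j DROP"
    # Set the default policy last, after the allow rules exist, so an existing ssh
    # session running this script is not cut off while the rules are loading.
    echo "$IPT -P INPUT DROP"
}

# Number of commands a given interface/port list produces (handy sanity check).
count_rules() { build_rules "$1" "$2" | wc -l | tr -d ' '; }

if [ "${1:-}" = "apply" ]; then
    build_rules "$WAN_IF" "$ALLOW_TCP" | sh       # needs root
else
    build_rules "$WAN_IF" "$ALLOW_TCP"            # dry run: print the rules only
fi
```

Run it without arguments to see the rules it would load, and with `apply` as root to load them; dropped packets then show up in `dmesg` with the FW-DROP prefix. These rules cover IPv4 only; an IPv6-enabled host needs the same policy in ip6tables.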

