LinuxQuestions.org
Old 08-01-2003, 06:41 PM   #1
lappen
Member
 
Registered: Aug 2003
Location: Sweden
Posts: 83

Rep: Reputation: 15
iptables DEFAULT POLICY


What should I think about if I set all my POLICIES to DROP?

Last time I had drop on all of them I couldn't browse on the net,
 
Old 08-02-2003, 06:41 AM   #2
/bin/bash
Senior Member
 
Registered: Jul 2003
Location: Indiana
Distribution: Mandrake Slackware-current QNX4.25
Posts: 1,802

Rep: Reputation: 47
You most definitely will not be able to browse the net if your default policies are set to DROP.

There is a prebuilt firewall for about any need right here. Just browse through them till you see one that fits your needs.
 
Old 08-02-2003, 06:43 AM   #3
Proud
Senior Member
 
Registered: Dec 2002
Location: England
Distribution: Used to use Mandrake/Mandriva
Posts: 2,794

Rep: Reputation: 116
Try a GUI firewall configurer like Guarddog or Firestarter to tweak it to your needs.
 
Old 08-02-2003, 10:05 PM   #4
lappen
Member
 
Registered: Aug 2003
Location: Sweden
Posts: 83

Original Poster
Rep: Reputation: 15
Not really fond of GUIs and autoconf tools, but I'll check out that netfilter site and see if I find a quick example of what I'm looking for...
Don't think I want to use a prebuilt script, was kinda looking forward to writing my own.

Btw, if I set all my policies to DROP, shouldn't I be able to allow browsing? Something like this (except this doesn't work):

iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

# (know port 80 is for internal webserver, couldn't I change the
# port to ??? so browsing is allowed
# eth0 = external iface
# eth1 = internal iface (192.168.0.0/24)

iptables -A OUTPUT -i eth0 -p TCP --sport 80 -j ACCEPT
iptables -A FORWARD -i eth1 -p TCP --sport 80 -j ACCEPT


btw thanks for the site
 
Old 02-22-2011, 03:23 PM   #5
Apostle1911
LQ Newbie
 
Registered: Feb 2011
Posts: 2

Rep: Reputation: 0
Try

iptables -A FORWARD -i eth0 -o eth1 -p tcp --dport 80 -m state --state ESTABLISHED,RELATED -j ACCEPT

Last edited by Apostle1911; 02-22-2011 at 03:26 PM.
 
Old 02-22-2011, 03:56 PM   #6
slack-fu
Member
 
Registered: Feb 2006
Location: Norway
Distribution: Slackware Linux 13.37
Posts: 71

Rep: Reputation: 10
HTTPS normally uses port 443; you might want to allow that if you plan to use your online bank or something similar.
 
Old 02-22-2011, 05:36 PM   #7
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Rep: Reputation: 416
You do realize this thread is almost 8 years old, don't you?
 
Old 02-23-2011, 12:10 AM   #8
Apostle1911
LQ Newbie
 
Registered: Feb 2011
Posts: 2

Rep: Reputation: 0
Lol yeah, but that doesn't make this information any less relevant. Of course, there are better things out there than Linux iptables now, but people still use them.
 
Old 02-23-2011, 04:55 AM   #9
slack-fu
Member
 
Registered: Feb 2006
Location: Norway
Distribution: Slackware Linux 13.37
Posts: 71

Rep: Reputation: 10
Oooops! It's not my fault, I didn't look at the dates
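
The thread never arrives at a ruleset that works with DROP on all three chains. As an added example (not code from any poster), the script below uses the thread's eth0/eth1 layout and opens only what browsing needs; the loopback and DNS rules, and the assumption that NAT and IP forwarding are already configured, are additions made here.

```shell
#!/bin/sh
# Added example, not from the thread: default-DROP policies that still allow
# web browsing from the firewall itself and from the LAN behind it.
# Assumptions: NAT/masquerading and IP forwarding are already configured,
# and DNS (port 53) must be reachable for browsing to work.
# Dry run by default (prints the commands); as root run with IPT=iptables.
# No inbound service (e.g. SSH) is opened, so apply it from the console.
IPT="${IPT:-echo iptables}"
WAN=eth0                  # external interface, as in the thread
LAN=eth1                  # internal interface, as in the thread
LAN_NET=192.168.0.0/24

# Allow NEW outbound connections to one destination port.
# Match the DESTINATION port (--dport): the browser connects *to* 80/443.
# OUTPUT takes -o, not -i (iptables rejects -i in the OUTPUT chain).
allow_out() {             # $1 = protocol, $2 = destination port
    $IPT -A OUTPUT -o "$WAN" -p "$1" --dport "$2" -m state --state NEW -j ACCEPT
    $IPT -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -p "$1" --dport "$2" \
        -m state --state NEW -j ACCEPT
}

browse_rules() {
    # Start clean, then deny everything that is not explicitly allowed.
    $IPT -F
    $IPT -P INPUT DROP
    $IPT -P OUTPUT DROP
    $IPT -P FORWARD DROP

    # Loopback: traffic between local programs is dropped otherwise.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT

    # Return traffic for connections allowed below. With DROP on every
    # chain, replies need their own rule or each connection stalls.
    for chain in INPUT OUTPUT FORWARD; do
        $IPT -A "$chain" -m state --state ESTABLISHED,RELATED -j ACCEPT
    done

    allow_out tcp 80      # HTTP
    allow_out tcp 443     # HTTPS
    allow_out udp 53      # DNS lookups
    allow_out tcp 53      # DNS over TCP (large answers)
}

browse_rules
```

After applying it for real, `iptables -L -n -v` shows per-rule packet counters, which makes it easy to see which rule (if any) a browsing attempt is hitting.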
 
  


All times are GMT -5.