LinuxQuestions.org


tarballed 12-16-2002 01:30 PM

IPTables examples?
 
Hello everyone.

I was curious if anyone could post a snippet of some IPTables examples?

Specifically, I wanted to see what the rules would look like for the following situation:

No outside access to my internal LAN. I have no web server, DNS server or email server. Just my LAN reaching the outside world to access email, DNS and web servers.

Also, the rules that would stop Ping, traceroute and NMAP requests.

I just want to get a feel of what the rules look like.

Thanks everyone.

I appreciate it.

tarballed

indi 12-16-2002 02:25 PM

Why don't you browse http://www.shorewall.net/

You can avoid the complex iptable configuration. This tool will allow you to do the same with great ease.

nastrand 12-17-2002 10:32 AM

check out http://www.sns.ias.edu/~jns/security...les/rules.html

unSpawn 12-17-2002 01:09 PM

Here's some more links:

Netfilter+Iptables HOWTO:
LQ search: iptables+howto,
Linuxguruz.org,
Netfilter.org Packetfiltering HOWTO,
Linuxsecurity.com Iptables tutorial,
Andreasson's Iptables tutorial,
Iptables Connection tracking.

Ipchains HOWTO:
TLDP Ipchains HOWTO,
Flounder.net Ipchains HOWTO.

Other resources/misc stuff:

Assigned ports > 1024,
FAQ: Firewall Forensics (What am I seeing?),
Linux Firewall and Security Site,
Auditing Your Firewall Setup (old, still useful),
TLDP: Firewall Piercing mini-HOWTO,
Something called the "Home PC Firewall Guide",
Vendor/Ethernet MAC Address Lookup,
Netfilter Iptables/Ipchains Log Format,
Dshield (find out if IP was marked as used in attacks),
(Snort) Port search,
Neohapsis Port search,
(IPMasq) P2P ports,
Infosyssec's Firewall Security and the Internet (badly updated site).

tarballed 12-20-2002 01:57 PM

Just wanted to get some quick feedback on this NAT/MASQ setup...just want to see if I have this correct.

# MASQUERADE the connection (-j MASQUERADE).
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# Turn on IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

That about right? Using cable modem and receive my IP via DHCP.


Thanks


Tarballed

Grim Reaper 12-21-2002 04:37 AM

UnSpawn...could you please create a sticky thread up the top of this forum that's closed with all your links in there...you've posted your huge list on security a few times, but I can't remember key words to search for, so to save time could you post them up the top...I'm going to slowly work my way through them all, but I'm not going to save them to my machine, I'll just come back to view them...also all these ones on IPTables, etc....

Pleaseeee :)

Grim Reaper 12-23-2002 02:17 PM

any news?

peter_robb 12-27-2002 10:07 AM

You need to add
echo 1 > /proc/sys/net/ipv4/ip_dynaddr
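
A default-deny ruleset for the setup asked about at the top of the thread (the LAN reaches the outside, nothing new comes in), combined with the MASQUERADE rule and the two /proc settings posted above. This is an added example, not written by any poster in the thread; eth1 as the LAN interface, the DHCP client rule, the function names and the file name gateway.sh are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. eth0 is the WAN side as in the post
# above; eth1 as the LAN side is an assumed name.

# Print a default-deny gateway ruleset in iptables-restore format.
gen_ruleset() {
    wan=$1 lan=$2
    for ifc in "$wan" "$lan"; do
        case $ifc in
            ''|*[!A-Za-z0-9._-]*) echo "bad interface: $ifc" >&2; return 1 ;;
        esac
    done
    cat <<EOF
*filter
# Default DROP: unsolicited ping, traceroute and scan probes from the
# WAN match no ACCEPT rule, so this host sends no reply to them.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -j ACCEPT
# Assumption: replies to the gateway's own DHCP client on the WAN side.
-A INPUT -i $wan -p udp --sport 67 --dport 68 -j ACCEPT
# LAN may open connections outward; only replies come back in.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
EOF
}

# Load the ruleset, then enable forwarding and dynamic-address handling.
# Needs root; run as: sh gateway.sh apply (file name assumed)
apply_ruleset() {
    rules=$(gen_ruleset "$1" "$2") || return 1
    printf '%s\n' "$rules" | iptables-restore || return 1
    echo 1 > /proc/sys/net/ipv4/ip_forward
    echo 1 > /proc/sys/net/ipv4/ip_dynaddr
}

if [ "${1:-}" = "apply" ]; then apply_ruleset eth0 eth1; fi
```

Run without arguments, the script changes nothing; calling gen_ruleset on its own prints the rules so they can be read before anything is loaded.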

