LinuxQuestions.org

Linux - Networking: Building Firewall/Router in Slackware (https://www.linuxquestions.org/questions/linux-networking-3/building-firewall-router-in-slackware-319445/)

darreng23 05-02-2005 03:13 PM

Building Firewall/Router in Slackware

Hi, I am attempting to build a Linux firewall/router. I have managed to install Slackware and get everyone's machines talking to each other, no problems there. I have got NAT working by using the following command in iptables.
Code:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
I want to have a deny-all policy and then specify what I want to enter the network. This is where I get confused. Do I perform the filtering within the INPUT chain of the filter table? Just a pointer in the right direction would be nice.
Thanks

pave 05-03-2005 05:51 AM

Chain INPUT controls packets coming to the router only.
Chain OUTPUT controls packets coming out from the router only.
Chain FORWARD controls packets moving between networks that your router connects.

FORWARD controls incoming packets to a device (like eth0).

If eth0 is your local LAN, then
iptables -A FORWARD -p tcp -o eth0 -j ACCEPT
will accept tcp packets incoming to subnet

If eth1 is the public WAN,
iptables -A FORWARD -p tcp -o eth1 -j ACCEPT
will accept tcp packets incoming to internet (or less formally outgoing from subnet)

Standard policies if you want to drop all traffic at the start are:

iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

but be careful not to block yourself if you manage the router remotely.

Then if you want to make a hole:
iptables -A FORWARD -p tcp -o eth1 --dport 80 -j ACCEPT
will allow users from the LAN to connect to websites (port 80).

I'm sure you'll figure it out, there's plenty of tutorials.

PS. Packet forward needs to be turned on. This should do the job:
echo 1 > /proc/sys/net/ipv4/ip_forward
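The deny-by-default router discussed in this thread, written out as a complete iptables-restore ruleset that can be loaded atomically (an added example, not code from either poster). It takes the LAN and WAN interface names as arguments, because the two posts above assign eth0 and eth1 differently, and assumes 192.168.1.0/24 as the LAN subnet unless a third argument is given; the ESTABLISHED,RELATED rules are what a DROP policy needs so that replies to allowed connections are not dropped as well.

```shell
#!/bin/sh
# fw_ruleset LAN_IF WAN_IF [LAN_SUBNET]  -> prints an iptables-restore ruleset
# Interface roles and the 192.168.1.0/24 default are assumptions for this example.
fw_ruleset() {
    lan="$1"; wan="$2"; lan_net="${3:-192.168.1.0/24}"
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# NAT for LAN hosts leaving via the WAN side (the original poster's MASQUERADE rule)
-A POSTROUTING -s $lan_net -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Without these two rules a DROP policy also drops the replies to allowed connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# TCP packets that claim to be "new" but are not SYNs never reach the holes below
-A INPUT -p tcp ! --syn -m state --state NEW -j DROP
-A FORWARD -p tcp ! --syn -m state --state NEW -j DROP
# Traffic to the router itself: loopback, and SSH/ping only from the LAN side
-A INPUT -i lo -j ACCEPT
-A INPUT -i $lan -s $lan_net -p tcp --dport 22 -j ACCEPT
-A INPUT -i $lan -s $lan_net -p icmp -j ACCEPT
# Holes through the router: LAN hosts may reach web and DNS on the internet, nothing else
-A FORWARD -i $lan -o $wan -s $lan_net -p tcp -m multiport --dports 80,443 -j ACCEPT
-A FORWARD -i $lan -o $wan -s $lan_net -p udp --dport 53 -j ACCEPT
-A FORWARD -i $lan -o $wan -s $lan_net -p tcp --dport 53 -j ACCEPT
COMMIT
EOF
}

# Enable forwarding and load the whole ruleset in one step; run as root on the router.
fw_apply() {
    echo 1 > /proc/sys/net/ipv4/ip_forward
    fw_ruleset "$@" | iptables-restore
}

# Sanity check: how many chains in the emitted ruleset default to DROP.
fw_drop_policies() {
    fw_ruleset "$@" | grep -c '^:[A-Z]* DROP'
}
```

Load it with `fw_apply eth1 eth0` when eth1 is the LAN and eth0 the WAN (the original poster's layout); tightening OUTPUT to DROP as well is a further step that needs its own ESTABLISHED,RELATED and DNS rules.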
