Old 05-01-2012, 03:30 AM   #1
sourav garai
LQ Newbie
 
Registered: Mar 2012
Posts: 6

iptables


What is the difference between the two commands?
I want to block all data (tcp) coming from the internet (www) to my network. But allow data going from my network to the internet.


iptables -A FORWARD -m tcp -p tcp -s 0/0 --sport 80 -d 172.16.1.0/24 --syn -j DROP


iptables -A FORWARD -m tcp -p tcp -d 172.16.1.0/24 --dport 80 -s 0/0 -j ACCEPT

Last edited by sourav garai; 05-01-2012 at 03:33 AM.
 
Old 05-01-2012, 05:59 AM   #2
fukawi1
Member
 
Registered: Apr 2009
Location: Melbourne
Distribution: Fedora & CentOS
Posts: 854

Personally I find it easier (where applicable) to filter routed traffic by interfaces, rather than IPs/subnets. I find it centers how I think about how my rules work.
An example:
Code:
-A FORWARD -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p tcp -i $Wan_If -o $Lan_If --dport 80 -j DROP
This will drop packets coming from the internet to the local network.
I am guessing that you aren't doing egress filtering (i.e. filtering outgoing traffic), so the following rule probably isn't necessary. But this will allow locally generated traffic out to the internet:
Code:
-A FORWARD -p tcp -i $Lan_If -o $Wan_If --dport 80 -j ACCEPT
Also, this link is well worth reading a couple of times, and so is the iptables manpage.
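
To show how the two rules in the question differ, and how they compare with a stateful, interface-based ruleset like the one in the reply above, here is an added example (not code from the thread) that models first-match evaluation of the FORWARD chain in Python. Assumptions: the chain policy is ACCEPT, the connection-tracking state is supplied with each constructed packet, "wan"/"lan" stand in for `$Wan_If`/`$Lan_If`, and the stateful ruleset goes beyond the reply by dropping all new WAN-to-LAN TCP rather than only port 80.

```python
# Added example: simplified first-match model of the FORWARD chain (TCP only).
from ipaddress import ip_address, ip_network

LAN = ip_network("172.16.1.0/24")        # subnet from the question
SYN_MASK = {"SYN", "RST", "ACK", "FIN"}  # flags that --syn examines

def to_lan(p):
    return ip_address(p["dst"]) in LAN

def syn_only(p):
    # --syn: SYN set, and RST/ACK/FIN clear
    return (p["flags"] & SYN_MASK) == {"SYN"}

# The two rules from the question, in the order they were appended.
QUESTION_RULES = [
    ("DROP",   lambda p: p["sport"] == 80 and to_lan(p) and syn_only(p)),
    ("ACCEPT", lambda p: to_lan(p) and p["dport"] == 80),
]

# Stateful, interface-based rules (assumed generalization of the reply).
STATEFUL_RULES = [
    ("ACCEPT", lambda p: p["state"] in ("ESTABLISHED", "RELATED")),
    ("ACCEPT", lambda p: (p["iif"], p["oif"]) == ("lan", "wan")),
    ("DROP",   lambda p: (p["iif"], p["oif"]) == ("wan", "lan")),
]

def verdict(rules, pkt, policy="ACCEPT"):
    """First matching rule decides; otherwise the chain policy applies."""
    for target, match in rules:
        if match(pkt):
            return target
    return policy

def pkt(src, sport, dst, dport, flags, state, inbound):
    iif, oif = ("wan", "lan") if inbound else ("lan", "wan")
    return dict(src=src, sport=sport, dst=dst, dport=dport,
                flags=set(flags), state=state, iif=iif, oif=oif)

# Constructed sample packets (documentation addresses, not captured traffic).
SAMPLES = {
    "inbound SYN to LAN ssh":  pkt("203.0.113.9", 40000, "172.16.1.10", 22, ["SYN"], "NEW", True),
    "inbound SYN to LAN http": pkt("203.0.113.9", 40000, "172.16.1.10", 80, ["SYN"], "NEW", True),
    "inbound SYN from sport 80": pkt("198.51.100.5", 80, "172.16.1.10", 22, ["SYN"], "NEW", True),
    "web server reply":        pkt("198.51.100.5", 80, "172.16.1.10", 51000, ["SYN", "ACK"], "ESTABLISHED", True),
    "outbound SYN to web":     pkt("172.16.1.10", 51000, "198.51.100.5", 80, ["SYN"], "NEW", False),
}

def compare():
    """Map each sample name to (verdict under question rules, verdict under stateful rules)."""
    return {name: (verdict(QUESTION_RULES, p), verdict(STATEFUL_RULES, p))
            for name, p in SAMPLES.items()}
```

In this model the first rule from the question only stops connection attempts whose source port is 80, and the second explicitly admits inbound connections to port 80 on the LAN, while the stateful ruleset drops every new inbound connection and still passes replies.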
 
Old 05-01-2012, 12:46 PM   #3
sourav garai
LQ Newbie
 
Registered: Mar 2012
Posts: 6

Original Poster
Thanks. The link has almost everything about firewall configuring. It's a great help.
 
  

