Hello everyone,
I have a question about creating iptables zones and managing traffic with zones. In my example, does that mean that IZONE only accepts traffic from the external interface "eth0" and sends to it? And do I need to define anything more, such as "iptables -A IZONE -i eth0" and "iptables -A IZONE -o eth0"?
Example:
IP address:
eth0/192.168.1.100
Interfaces:
eth0 - external interface
eth1 - internal interface
#!/bin/bash
# Flush all rules, delete user-defined chains and zero the counters in every table
iptables -F
iptables -F -t nat
iptables -F -t mangle
iptables -X
iptables -X -t nat
iptables -X -t mangle
iptables -Z
# Default deny on all built-in chains; FORWARD stays closed, so nothing is routed between eth0 and eth1
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
# Loopback has to be allowed explicitly, otherwise local services cannot reach each other
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# One user-defined chain per zone
iptables -N IZONE
iptables -N LZONE
# Only packets arriving on eth0 or leaving via eth0 are handed to IZONE,
# so IZONE never sees eth1 traffic and needs no -i/-o match of its own
iptables -A INPUT -i eth0 -j IZONE
iptables -A OUTPUT -o eth0 -j IZONE
iptables -A INPUT -i eth1 -j LZONE
iptables -A OUTPUT -o eth1 -j LZONE
# IZONE is shared by INPUT and OUTPUT, so -s/-d pin each rule to one direction.
# DNS to 8.8.8.8: lookups normally use UDP, TCP is used for large answers and zone transfers,
# so both are allowed; replies come from source port 53 and are matched as ESTABLISHED
iptables -A IZONE -p udp -s 192.168.1.100 -d 8.8.8.8 --dport 53 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A IZONE -p udp -s 8.8.8.8 -d 192.168.1.100 --sport 53 -m conntrack --ctstate ESTABLISHED -j ACCEPT
iptables -A IZONE -p tcp -s 192.168.1.100 -d 8.8.8.8 --dport 53 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A IZONE -p tcp -s 8.8.8.8 -d 192.168.1.100 --sport 53 -m conntrack --ctstate ESTABLISHED -j ACCEPT
# HTTP out to anywhere; replies come from source port 80 and are matched as ESTABLISHED
iptables -A IZONE -p tcp -s 192.168.1.100 -d 0/0 --dport 80 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A IZONE -p tcp -s 0/0 -d 192.168.1.100 --sport 80 -m conntrack --ctstate ESTABLISHED -j ACCEPT
Thank you
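As an added illustration of the question above (this is not code from the post, and it never touches a real firewall), here is a small Python model of how netfilter walks the INPUT/OUTPUT -> IZONE/LZONE layout. The IZONE rules are a reduced version of the post's: TCP DNS to 8.8.8.8 and HTTP out, with replies matched by source port. The host address, the interface names and the sample packets are constructed for the demonstration. It shows three things: a packet only reaches IZONE through the `-i eth0` / `-o eth0` jump rules, so a repeated interface match inside IZONE is redundant; a packet arriving on eth1 is dispatched to LZONE and never sees IZONE's rules; and a packet that matches nothing inside a user chain falls back to the built-in chain, where the DROP policy applies.

```python
# Added example: a Python model of the zone-chain dispatch from the post.
# It simulates rule matching only; it does not call iptables.
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Set, Tuple

HOST = "192.168.1.100"   # eth0 address from the post
ANY = None               # stands for 0/0, "any interface", "any protocol"


@dataclass(frozen=True)
class Packet:
    in_iface: Optional[str]   # None => locally generated, walks OUTPUT
    out_iface: Optional[str]  # None => locally delivered, walks INPUT
    proto: str
    src: str
    dst: str
    sport: int
    dport: int
    ctstate: str              # "NEW" or "ESTABLISHED"


@dataclass(frozen=True)
class Rule:
    target: str                                        # ACCEPT, DROP or a user chain
    in_iface: Optional[str] = ANY                      # -i
    out_iface: Optional[str] = ANY                     # -o
    proto: Optional[str] = ANY                         # -p
    src: Optional[str] = ANY                           # -s (exact host, or 0/0)
    dst: Optional[str] = ANY                           # -d
    sport: Tuple[int, int] = (0, 65535)                # --sport lo:hi
    dport: Tuple[int, int] = (0, 65535)                # --dport lo:hi
    ctstate: Tuple[str, ...] = ("NEW", "ESTABLISHED")  # --ctstate

    def matches(self, p: Packet) -> bool:
        return (
            (self.in_iface is ANY or self.in_iface == p.in_iface)
            and (self.out_iface is ANY or self.out_iface == p.out_iface)
            and (self.proto is ANY or self.proto == p.proto)
            and (self.src is ANY or self.src == p.src)
            and (self.dst is ANY or self.dst == p.dst)
            and self.sport[0] <= p.sport <= self.sport[1]
            and self.dport[0] <= p.dport <= self.dport[1]
            and p.ctstate in self.ctstate
        )


# Reduced ruleset in the shape of the post: zone jumps keyed on the interface,
# then per-zone accept rules pinned to one direction by -s/-d.
CHAINS: Dict[str, List[Rule]] = {
    "INPUT":  [Rule("IZONE", in_iface="eth0"), Rule("LZONE", in_iface="eth1")],
    "OUTPUT": [Rule("IZONE", out_iface="eth0"), Rule("LZONE", out_iface="eth1")],
    "IZONE": [
        Rule("ACCEPT", proto="tcp", src=HOST, dst="8.8.8.8", dport=(53, 53)),
        Rule("ACCEPT", proto="tcp", src="8.8.8.8", dst=HOST, sport=(53, 53),
             ctstate=("ESTABLISHED",)),
        Rule("ACCEPT", proto="tcp", src=HOST, dport=(80, 80)),
        Rule("ACCEPT", proto="tcp", dst=HOST, sport=(80, 80),
             ctstate=("ESTABLISHED",)),
    ],
    "LZONE": [],              # empty in the post, so everything on eth1 falls through
}
POLICY = {"INPUT": "DROP", "OUTPUT": "DROP"}   # built-in chains only
TERMINAL = {"ACCEPT", "DROP"}


def walk(chain: str, p: Packet, visited: List[str]) -> Optional[str]:
    """Walk one chain. A user chain with no matching terminal rule returns
    None to its caller (netfilter RETURN); a built-in chain then applies
    its policy."""
    visited.append(chain)
    for rule in CHAINS[chain]:
        if not rule.matches(p):
            continue
        if rule.target in TERMINAL:
            return rule.target
        result = walk(rule.target, p, visited)   # jump into the user chain
        if result is not None:
            return result                        # terminal verdict propagates
    return POLICY.get(chain)                     # None for user chains


def verdict(p: Packet) -> Tuple[str, List[str]]:
    """Return (ACCEPT|DROP, chains visited in order), as netfilter would."""
    visited: List[str] = []
    start = "OUTPUT" if p.in_iface is None else "INPUT"
    return walk(start, p, visited), visited


def zone_interfaces(zone: str, packets: Iterable[Packet]) -> Set[Tuple[Optional[str], Optional[str]]]:
    """(in_iface, out_iface) pairs of every packet that entered `zone`."""
    seen = set()
    for p in packets:
        if zone in verdict(p)[1]:
            seen.add((p.in_iface, p.out_iface))
    return seen


# Constructed sample traffic (not captured data).
SAMPLES: Dict[str, Packet] = {
    "dns_query":       Packet(None, "eth0", "tcp", HOST, "8.8.8.8", 40000, 53, "NEW"),
    "dns_reply":       Packet("eth0", None, "tcp", "8.8.8.8", HOST, 53, 40000, "ESTABLISHED"),
    "spoofed_on_eth1": Packet("eth1", None, "tcp", "8.8.8.8", HOST, 53, 40000, "ESTABLISHED"),
    "udp_dns_query":   Packet(None, "eth0", "udp", HOST, "8.8.8.8", 40000, 53, "NEW"),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:16} -> {verdict(pkt)}")
    print("interfaces seen by IZONE:", zone_interfaces("IZONE", SAMPLES.values()))
```

The `udp_dns_query` sample is dropped by this reduced ruleset because only TCP rules exist in IZONE: the packet enters the zone, matches nothing, returns to OUTPUT and hits the DROP policy. That fall-through is the behaviour to keep in mind when a zone chain is shared between INPUT and OUTPUT.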