Linux router IPTABLES Howto

hakcenter · 07-14-2003, 01:39 PM

If someone will host the script, let me know and I'll edit this post.

Moderators, please sticky this.

Eth devices considered, eth0 eth1, one being WAN, one being internal LAN. Do not try to run this script remotely, you will be disconnected.

Last few lines must typed in console:

Flushing IP Tables Configuration

service iptables stop
service iptables save
service iptables start

Setting Default Rules

iptables -A INPUT -m state --state INVALID -j DROP
iptables -A FORWARD -m state --state INVALID -j DROP
iptables -A OUTPUT -m state --state INVALID -j DROP

Securing Connections

iptables -A FORWARD -i eth1 -o eth0
iptables -A FORWARD -i eth0 -o eth1

iptables -P INPUT DROP
iptables -P FORWARD DROP

Please type the following:
ethX = WAN
ethZ = LAN
iptables -A INPUT -i ethZ -j ACCEPT
iptables -A INPUT -i ethX -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o ethX -j MASQUERADE

unSpawn · 07-14-2003, 09:03 PM

With all due respect, I think this is a bit terse to call it a "Linux router IPTABLES Howto". You say "Eth devices considered, eth0 eth1, one being WAN, one being internal LAN" but looking tru this I spot 6 devices: eth{0,1,X,y,z,Z}. IMHO it cannot be considered complete w/o brief explanation, maybe a discussion could help you make it better.