Old 11-30-2005, 01:53 PM   #1
LQ Newbie
Registered: Nov 2005
Location: Pennsylvania, USA
Distribution: openSuSE 10
Posts: 27

Rep: Reputation: 15
iptables - Newbie Desktop Config

My machine is purely a desktop and will be for the foreseeable future. Therefore, I have no need for server apps. Also, I have no plans to do any sort of remote connection into my desktop machine.

Can anyone suggest a quick easy way to set up iptables so that ONLY connections initiated by me occur over the internet, and to prevent anyone connecting in from outside?

Thanks in advance -- This board has been an outstanding help!
Old 11-30-2005, 02:04 PM   #2
Senior Member
Registered: Jun 2004
Location: Chicago
Distribution: Slackware64 -current
Posts: 1,153

Rep: Reputation: 60
Try to use Firestarter. It is a GUI firewall based on iptables. If you want to run a firewall primarily based out of a script then you will have to learn how to write iptables rules. Here's the iptables website.

BTW, what distro are you using? An even better idea is to include it in your profile.

Hope that helps
Old 11-30-2005, 02:11 PM   #3
LQ Newbie
Registered: Nov 2005
Location: Pennsylvania, USA
Distribution: openSuSE 10
Posts: 27

Original Poster
Rep: Reputation: 15
Ahh, sorry. That would make some sense!

SuSE 10 Disti
Intel P4 3.0 GHz
Old 11-30-2005, 05:05 PM   #4
Registered: Nov 2004
Location: Leiden, Netherlands
Distribution: SuSE; Fedora;Slackware
Posts: 58

Rep: Reputation: 15
I can tell you what I do to stealth a SuSE 9.3 standalone desktop PC. Use YaST to configure your SuSE firewall further with the Security > Firewall menu. Shut down even more services you don't need via YaST > System > Services (Runlevel). A check, e.g. via Steve Gibson's ShieldsUP, tells me all ports are stealthed except 113, which is closed. Gibson's site also reports that my machine still echoes ICMP packets (pings). Open (as root) /etc/sysconfig/SuSEfirewall2 with an editor and search for the offending entries. Edit, save and test again. Of course you will have to decide for yourself which services you want and don't want to be running. Hope that this is of some help. In this way you will not have to think up a whole ruleset for iptables yourself, but subtle this method is not.
Old 11-30-2005, 11:48 PM   #5
Senior Member
Registered: Jun 2004
Posts: 2,553

Rep: Reputation: 52
let's see

echo "setting firewall rules...."

#Change the part after the = to where your iptables binary is on your system
IPTABLES=/sbin/iptables   # assumed path; adjust for your system

#flush existing rules
$IPTABLES -F

#This allows all data that has been sent out from the computer running the firewall
# to come back. Adjust the part after -i for your internet connection (eth0, for example)
#(for all of ICMP/TCP/UDP).
#For example, if a ping request is made by you it will allow the reply back
$IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED -i ppp0 -p icmp
$IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED -i ppp0 -p tcp
$IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED -i ppp0 -p udp

# let's try to keep those connections up
$IPTABLES -A INPUT  -p tcp --dport 113 -j REJECT --reject-with tcp-reset
$IPTABLES -A OUTPUT -p tcp --sport 113 -m state --state RELATED -j ACCEPT

# no undesirables
$IPTABLES -I INPUT 2 -p tcp -m state --state INVALID -j DROP

#Drop all other data
$IPTABLES -P INPUT DROP   # assumed form: default-deny policy on the INPUT chain

# let's get fancy and disable Explicit Congestion Notification here
echo 0 > /proc/sys/net/ipv4/tcp_ecn
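
Added example, not part of any post in this thread: a small Python first-match evaluator over a constructed `iptables-save`-style listing of the INPUT rules from post #5, showing what happens to an unsolicited inbound connection when the "Drop all other data" step is absent (policy ACCEPT) versus present (policy DROP). The rule listing, the sample packets and the function name `verdict` are constructed for illustration, and only the options used in the post are handled.

```python
import shlex

# Constructed iptables-save-style listing of the INPUT rules from post #5,
# in the order the kernel would hold them (-I INPUT 2 puts INVALID second).
RULES = """\
-A INPUT -i ppp0 -p icmp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state INVALID -j DROP
-A INPUT -i ppp0 -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i ppp0 -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 113 -j REJECT --reject-with tcp-reset
"""

def verdict(rules_text, policy, pkt):
    """Return the target of the first INPUT rule matching pkt, else policy.

    Handles only the options used above (-i, -p, --dport, --state, -j);
    every option is assumed to take exactly one argument, no '!' negation.
    """
    for line in rules_text.splitlines():
        tok = shlex.split(line)
        opts = dict(zip(tok[0::2], tok[1::2]))
        if opts.get("-A") != "INPUT":
            continue
        exact = {"-i": pkt["iface"], "-p": pkt["proto"],
                 "--dport": str(pkt.get("dport"))}
        if any(k in opts and opts[k] != v for k, v in exact.items()):
            continue
        if "--state" in opts and pkt["state"] not in opts["--state"].split(","):
            continue
        return opts["-j"]
    return policy  # nothing matched: the chain policy decides

# Constructed sample packets (state as the conntrack state match would see it).
NEW_SSH = {"iface": "ppp0", "proto": "tcp", "state": "NEW", "dport": 22}
REPLY = {"iface": "ppp0", "proto": "tcp", "state": "ESTABLISHED", "dport": 40000}
IDENT = {"iface": "ppp0", "proto": "tcp", "state": "NEW", "dport": 113}
LOCAL = {"iface": "lo", "proto": "tcp", "state": "NEW", "dport": 631}

if __name__ == "__main__":
    for policy in ("ACCEPT", "DROP"):
        for name, pkt in [("new ssh", NEW_SSH), ("reply", REPLY),
                          ("ident", IDENT), ("loopback", LOCAL)]:
            print(f"policy={policy:6} {name:8} -> {verdict(RULES, policy, pkt)}")
```

With policy DROP the loopback packet is dropped as well, because every ACCEPT rule in the post is tied to `-i ppp0`; rulesets of this kind normally also carry `-A INPUT -i lo -j ACCEPT`.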

