firewall outgoing connections
There have been port scanning viruses going around from people bringing in computers from their homes. I need a linux computer that will allow dhcp, and only forward udp ports 53, and tcp ports 20, 21, and 80. I have tried to make iptables do this with both the filters table and the nat table, but it either forwards everything, or nothing. Can someone please tell me what commands to give iptables?
The iptables forward change should look like
# default: forward nothing
iptables -P FORWARD DROP
# -I inserts at the top, so these end up above the policy in reverse order
iptables -I FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -I FORWARD -i eth0 -p tcp -d 0.0.0.0/0 --dport 80 -j ACCEPT
iptables -I FORWARD -i eth0 -p udp -d 0.0.0.0/0 --dport 53 -j ACCEPT
iptables -I FORWARD -i eth0 -p tcp -d 0.0.0.0/0 --dport 20:21 -j ACCEPT
# log whatever the internal hosts tried that did not match above; the DROP policy then discards it
iptables -A FORWARD -i eth0 -o eth1 -j LOG --log-prefix "internal drop"
# NAT the internal hosts behind the external address (POSTROUTING takes -o only, not -i)
iptables -t nat -I POSTROUTING -o eth1 -j MASQUERADE

I assumed that eth0 is the internal network card and eth1 is external. You will need to add input rules to secure the box.
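A fuller version of that rule set, as an added example that is not from the original thread: it adds the INPUT rules the answer says are still needed, lets the LAN's DHCP requests reach the box as asked in the question, and can be dry-run by setting IPT=echo so the rules are printed instead of loaded. The interface names and the LAN subnet 192.168.1.0/24 are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): default-deny forwarding firewall for a
# LAN on eth0 and the Internet on eth1. Interface names and the LAN subnet
# are assumptions; change them for your network.
LAN_IF="${LAN_IF:-eth0}"
WAN_IF="${WAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
IPT="${IPT:-iptables}"

# Print the rule set, one iptables call per line. -A appends, so the order
# shown is the order matched: allow rules first, the logging catch-all last.
fw_rules() {
    cat <<EOF
$IPT -F
$IPT -t nat -F
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT ACCEPT
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# DHCP requests from the LAN are for this box (INPUT), not forwarded traffic
$IPT -A INPUT -i $LAN_IF -p udp --sport 68 --dport 67 -j ACCEPT
$IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Drop LAN packets whose source address is outside the LAN (spoofed scans)
$IPT -A FORWARD -i $LAN_IF ! -s $LAN_NET -j DROP
$IPT -A FORWARD -i $LAN_IF -o $WAN_IF -p udp --dport 53 -m state --state NEW -j ACCEPT
$IPT -A FORWARD -i $LAN_IF -o $WAN_IF -p tcp --dport 20:21 -m state --state NEW -j ACCEPT
$IPT -A FORWARD -i $LAN_IF -o $WAN_IF -p tcp --dport 80 -m state --state NEW -j ACCEPT
# Rate-limited log of what the scanning hosts try; the DROP policy does the rest
$IPT -A FORWARD -i $LAN_IF -o $WAN_IF -m limit --limit 5/min -j LOG --log-prefix "internal drop: "
$IPT -t nat -A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
EOF
}

# Run each rule through eval; set IPT=echo to dry-run and just print them.
# Routing itself must also be on: sysctl -w net.ipv4.ip_forward=1
apply_rules() {
    fw_rules | grep -v '^#' | while IFS= read -r cmd; do
        eval "$cmd" || { echo "failed: $cmd" >&2; exit 1; }
    done
}

if [ "${1:-}" = "--apply" ]; then
    apply_rules
fi
```

Run it as `IPT=echo sh fw.sh --apply` first to review the rules, then without IPT=echo on the gateway.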
Thank you very much :) I was leaving the standard FORWARD rule at the end, so I had the default to DROP, then I told it to accept certain rules, but then I had it forward everything anyways. Thanks again.