Input on IPTables
Hi
Can anyone please give me some feedback on these Netfilter/IPTables rules? Not quite sure if I've gotten it right:
Code:
#enable IP forwarding
Before I go giving my thoughts about this script, have you tried it yourself to see if it works out the way you scripted it?
Well, actually I've tried a couple of times, and I'm unable to get the script to load. I've done some alterations as well:
Code:
#enable IP forwarding
/Andy
Try uncommenting the line that defines the path to iptables, that might have something to do with it.
still no luck.
I know that the syntax of the rules is correct, since I've been able to type them in manually and that worked. /Andy
Just to rule out the simple things, you have the file chmod'd to execute, and you have #!/bin/bash at the top of your script, correct?
Quote:
iptables="/sbin/iptables"
$IPTABLES
You use lowercase to declare it, then uppercase to call the variable. Case does matter.
Finally I got the script up and running and have only a few more questions. Thank you all for valuable input :-)
At the top I have default DROP for all chains. But how can I achieve dropping traffic only on the internet interface (eth0), while on the LAN (eth2) and DMZ (eth1) REJECTing traffic that is not allowed? The script now looks like this:
Code:
#!/bin/bash
Would the addition of these rules solve this?
Code:
# reject internal traffic
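One way to get the behaviour asked for above (silent DROP on eth0, REJECT on the LAN and DMZ interfaces) is to keep the DROP policy on every chain and append per-interface REJECT rules as the last rules of INPUT and FORWARD. This is an added example, not the poster's script; the interface roles follow the thread, and the ACCEPT rules for ssh and http are placeholder assumptions.

```shell
# Added example (not the original poster's script): emits an iptables-restore
# ruleset that silently DROPs unwanted traffic arriving on the internet
# interface while REJECTing it on the LAN and DMZ interfaces. Interface names
# follow the thread: eth0 = internet, eth1 = DMZ, eth2 = LAN. The ACCEPTed
# services are placeholders for illustration only.
WAN=eth0; DMZ=eth1; LAN=eth2

gen_rules() {
    # Default policy DROP on every chain, as in the thread's script. The
    # per-interface REJECT rules are appended last, so they only catch
    # traffic that no earlier ACCEPT rule matched.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN -p tcp --dport 22 -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN -o $WAN -j ACCEPT
-A FORWARD -i $LAN -o $DMZ -j ACCEPT
-A FORWARD -i $WAN -o $DMZ -p tcp --dport 80 -j ACCEPT
-A OUTPUT -j ACCEPT
EOF
    # Internal interfaces: answer with a TCP RST for tcp and an ICMP error
    # for everything else, so LAN and DMZ hosts fail fast instead of timing
    # out. Nothing is added for $WAN, so its unmatched traffic falls through
    # to the DROP policy and is discarded silently.
    for ifc in $LAN $DMZ; do
        printf '%s\n' "-A INPUT -i $ifc -p tcp -j REJECT --reject-with tcp-reset"
        printf '%s\n' "-A INPUT -i $ifc -j REJECT --reject-with icmp-port-unreachable"
        printf '%s\n' "-A FORWARD -i $ifc -p tcp -j REJECT --reject-with tcp-reset"
        printf '%s\n' "-A FORWARD -i $ifc -j REJECT --reject-with icmp-port-unreachable"
    done
    echo COMMIT
}

# Number of REJECT rules bound to a given input interface (a quick self-check
# that eth0 gets none while eth1/eth2 get four each).
reject_count() { gen_rules | grep -c -- "-i $1 .*-j REJECT"; }

# Usage: gen_rules > /etc/iptables.rules && iptables-restore < /etc/iptables.rules
```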
As for the security side, I would rather drop than reject the traffic. That is my two cents ;)
I totally agree with you, but on the external interface the default rule is to drop:
Code:
#standard rules drop default ###################
Code:
# reject internal traffic
But regarding the script in general, can anyone see anything that you consider "wrong" or flawed that will cause the ruleset not to work?
/Andy
Well, let me ask from your point of view: does it work for you? What else do you want it to do?