Latest LQ Deal: Latest LQ Deals
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 11-27-2010, 03:42 AM   #1
Registered: Feb 2009
Posts: 83

Rep: Reputation: 25
iptables rules


i have some starting problem with iptables. i know iptables is very powerful, but it's imho for beginers very complex.

i already used iptables a year ago to define very simple rules on a small home-server.
i copied and edited them from a book, which contains some easy examples. i tried to understand them, and i understood the mostly of them.

but now i have to define new more crazy rules.
my new device has much interfaces:
-loopback (lo)
-for ethernet (eth0)
-for umts/gsm (ppp0)
-wlan-access-point (mon.wlan0, wlan0, wmaster0)

here is my actual init-code for the "network-things":

# Remove all iptables-rules
iptables -F
iptables -X
# Define the rules
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# Allow ip_forward
echo "1" > /proc/sys/net/ipv4/ip_forward
So i need the ip-forwarding for the clients on the wireless.
if possible the forwarding should use the ppp-connection, otherwishe the eth0, that works great.

my new rules i need:
my device has some services running, but they should not be connectable outside from the device. the service-webinterface should be open for all clients on eth0 and wlan0

so i have to close all input traffic with my device as target. the forwarding traffic has to work.
the port 80 has to be open for the webinterface.

the next rule is: delete all input from ppp0 (only let run created connections).

has anyone an idea?


best regards
Old 11-29-2010, 07:08 PM   #2
LQ Guru
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507

Rep: Reputation: 128Reputation: 128
Moved: This thread is more suitable in Security and has been moved accordingly to help your thread/question get the exposure it deserves.
Old 11-29-2010, 07:10 PM   #3
LQ Guru
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507

Rep: Reputation: 128Reputation: 128
If you want to prevent input on ppp0 other than established/related connections, you can do something like:
iptables -A INPUT -i ppp+ -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i ppp+ -j DROP


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Restore iptables Rules that have been saved with iptables-save tiuz Linux - Security 4 08-14-2010 05:50 PM
iptables rules sajina Linux - Newbie 3 03-31-2009 10:45 PM
Need Iptables Rules nixonmohan Linux - Security 3 11-18-2007 10:43 AM
iptables 1.27a still loading rules after installing iptables 1.3.0 yawe_frek Linux - Software 1 06-07-2007 09:50 PM
IPTABLES - rules in /etc/sysconfig/iptables The_JinJ Linux - Newbie 6 11-20-2004 01:40 AM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 07:21 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration