- Thanks for the links guys, I have read some of them and they are very educational.
- After reading those links I tried to test my iptables skills. I have adopted the rule to block all and allow only those that I need, and this is what I did.
First I blocked all incoming connections:
Then I tried to access the internet and I could still access it.
Then I also blocked all outgoing connections:
So now INPUT and OUTPUT are blocked; then I tried accessing the internet and no such luck. In our small network I think the only services that we really need are web browsing, FTP, IM (Yahoo primarily) and email, unless there are services that should not be blocked.
So I first tried to allow our network to have access to the internet and tried this:
Quote:
iptables -A INPUT -s 0/0 -p tcp --sport 80 -j ACCEPT
iptables -A OUTPUT -s 0/0 -p tcp --dport 80 -j ACCEPT
And the result was no internet access, so I tried adding the same rules, only this time I changed tcp to udp, and still no access. Then I tried this:
Quote:
iptables -A INPUT -s 0/0 -p tcp --sport 80 -j ACCEPT
iptables -A INPUT -s 0/0 -p udp --sport 80 -j ACCEPT
iptables -A INPUT -s 0/0 -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -s 0/0 -p udp --dport 80 -j ACCEPT
iptables -A OUTPUT -s 0/0 -p tcp --sport 80 -j ACCEPT
iptables -A OUTPUT -s 0/0 -p udp --sport 80 -j ACCEPT
iptables -A OUTPUT -s 0/0 -p tcp --dport 80 -j ACCEPT
iptables -A OUTPUT -s 0/0 -p udp --dport 80 -j ACCEPT
And voila!!! We have internet access, I was so happy!!! But is this correct? Can I have your opinion guys... thanks
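A stateful version of what the post above is trying to do, added here as an example and not taken from the thread: default-deny in every chain, then accept only replies to connections the office host itself opened, plus new outbound connections to the services named in the post. The port list (DNS, web, FTP control, mail, Yahoo Messenger on 5050/tcp) and the script name firewall.sh are assumptions.

```shell
#!/bin/sh
# Stateful default-deny ruleset for a small office host (added example, not from the thread).
# IPT defaults to the real iptables; set IPT=echo to print the rules instead of applying them.
IPT="${IPT:-iptables}"

apply_rules() {
    # Flush the filter table and make "drop everything" the default in all three chains.
    $IPT -F
    $IPT -P INPUT DROP
    $IPT -P OUTPUT DROP
    $IPT -P FORWARD DROP

    # Local programs talk to each other over loopback; a DROP policy blocks that too.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT

    # Let replies to connections this host opened come back in. This is what the
    # "--sport 80" rules in the post were groping for: match on connection state,
    # not on a source port number that the remote side chooses.
    $IPT -A INPUT  -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # New outbound connections only, and only to the services the office uses.
    # The port list is an assumption: DNS, web, FTP control, mail (SMTP/POP3/IMAP),
    # Yahoo Messenger (5050). Active-mode FTP data channels are classified as
    # RELATED only if the nf_conntrack_ftp kernel module is loaded.
    $IPT -A OUTPUT -p udp --dport 53 -j ACCEPT
    for port in 53 80 443 21 25 110 143 5050; do
        $IPT -A OUTPUT -p tcp --dport "$port" -m conntrack --ctstate NEW -j ACCEPT
    done

    # Deliberately no "-A INPUT -p tcp --dport 80" rule: the post's version of that
    # line would expose any web server on this host to every address on the internet.
}

# Only touch the live firewall when asked to; "IPT=echo ./firewall.sh apply" is a dry run.
if [ "${1:-}" = "apply" ]; then
    apply_rules
fi
```

Run the dry run first and read the printed rules; if the FTP client is used in active mode, load nf_conntrack_ftp (modprobe nf_conntrack_ftp) before applying, or the data channel will be dropped.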