One of the things you'll want to do for a firewall is to stealth certain ports, correct?
Stealthing ports using IPTABLES is fairly simple. Just use:
iptables -A INPUT -i {external_interface} -p {protocol} --dport {port_number} -j DROP
{external_interface} should be set to whatever interface your server uses to connect to the internet (e.g. ppp0). {protocol} can be set to tcp, udp or icmp, depending on what protocol you want to work with. {port_number} can be set to the port number you wish to stealth. For example, if you want to block internet access to an FTP server, you would put 21 as the port number.
So, as an example, I have my linux server set up to deny FTP connections from internet clients. My DSL connection is ppp0, so my iptables ruleset looks like:
iptables -A INPUT -i ppp0 -p tcp --dport 21 -j DROP
You can also choose to stealth EVERYTHING against a certain protocol. For instance, I don't want internet users to be able to ping my machine, so I just use:
iptables -A INPUT -i ppp0 -p icmp -j DROP
Good luck.
Last edited by Moltag; 07-15-2003 at 03:40 PM.
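As an added example (not part of the post above), here is a small POSIX shell script that builds the stealth ruleset described in the post for the INPUT chain. It assumes the external interface ppp0, TCP port 21 and all ICMP as the things to stealth, and defaults to a dry run that only echoes the iptables commands; run it as root with IPTABLES=iptables to apply them.

```shell
#!/bin/sh
# Added example, not the original poster's script. Builds the "stealth"
# rules from the post as iptables commands on the INPUT chain.
# Dry run by default: IPTABLES="echo iptables" just prints each command.
# Apply for real with:  IPTABLES=iptables ./stealth.sh ppp0   (as root)
IPTABLES="${IPTABLES:-echo iptables}"

# Emit one DROP rule for traffic arriving on $iface. A port is optional:
# with no port the whole protocol is dropped (the post's ICMP case).
# Note the chain: "-A INPUT" is required, iptables rejects a rule
# that names no chain.
stealth_port() {
  iface="$1"; proto="$2"; port="$3"
  if [ -n "$port" ]; then
    $IPTABLES -A INPUT -i "$iface" -p "$proto" --dport "$port" -j DROP
  else
    $IPTABLES -A INPUT -i "$iface" -p "$proto" -j DROP
  fi
}

# Assemble the ruleset. Rule order matters (first match wins), so replies
# to connections this host opened are accepted before any DROP rule;
# otherwise the blanket ICMP drop also discards errors that belong to
# your own outbound connections.
build_stealth_rules() {
  iface="$1"
  $IPTABLES -A INPUT -i "$iface" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  stealth_port "$iface" tcp 21      # stealth the FTP server (post's example)
  stealth_port "$iface" icmp        # drop all inbound ICMP (no ping replies)
}

# Constructed default: ppp0, as in the post. Pass another interface as $1.
build_stealth_rules "${1:-ppp0}"
```

Verify the live table afterwards with `iptables -L INPUT -v -n --line-numbers` and confirm the ACCEPT rule sits above the DROP rules.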