
Re: [suse-security] iptables rules?



Joerg Bruenner wrote:

Hi,

my firewall looks like:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

A ping from the firewall box to box A is answered.
A ping from box A to the firewall reaches it but is not answered.

What do I have to do?

Thanks a lot for help
Joerg


iptables is easy

do iptables --list to see your rules.
Looks like yours is default and wide open.
My iptables on internet connected box looks like this

aurbain@allYourBaseBelongToUs:~> sudo cat /etc/iptables.conf
# Generated by iptables-save v1.2.7a on Fri Aug 22 09:33:18 2003
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s x.x.x.0/255.255.254.0 -j ACCEPT
-A INPUT -s y.y.y.0/255.255.254.0 -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.255.0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
COMMIT
# Completed on Fri Aug 22 09:33:18 2003


I drop all incoming packets,
disallow forwarding,
allow all outgoing.
Now that I think about it, I'm going to do some egress filtering.
Thanks for the idea!


/etc/init.d/iptables restart
will read the above file and load it, check out the script.

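The ruleset above is the usual shape for a stateful default-deny host: DROP policy on INPUT, accept ESTABLISHED/RELATED first, then whitelist loopback and a few sources. As an added example (not part of either message and not from the SUSE init script), the script below generates a ruleset of the same shape in iptables-save format, but with the two things the reply leaves out: an explicit rule so the box answers ping, and an OUTPUT chain that actually does the egress filtering the reply mentions, with a LOG rule so you can see what the DROP policy is eating. The interface name, the LAN network, the admin port and the allowed outbound ports are assumptions for illustration; change them to match your box. Loading goes through iptables-restore, which swaps the whole filter table in one step, so a typo cannot leave you with half a ruleset the way a sequence of iptables commands can.

```shell
#!/bin/sh
# Added example: stateful default-deny ruleset in iptables-save format.
# Interface, networks and ports are assumptions for illustration only.

LAN_IF="${LAN_IF:-eth0}"               # assumed: interface facing the LAN
LAN_NET="${LAN_NET:-192.168.0.0/24}"    # assumed: LAN that may open admin sessions
ADMIN_PORT="${ADMIN_PORT:-22}"          # assumed: ssh

# Emit the ruleset.  Order matters: iptables is first-match, so the
# ESTABLISHED,RELATED rule goes first and everything not matched falls
# through to the chain policy (DROP for INPUT/FORWARD/OUTPUT).
gen_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# loopback is always fine
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# replies to connections this host opened (also lets our own pings be answered)
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# packets conntrack cannot classify (bad TCP state, stray replies)
-A INPUT -m state --state INVALID -j DROP
# answer ping from anywhere, but not faster than 5/second
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/second -j ACCEPT
# new admin sessions only from the LAN, only on that interface
-A INPUT -i ${LAN_IF} -s ${LAN_NET} -p tcp --dport ${ADMIN_PORT} -m state --state NEW -j ACCEPT
# egress: replies to accepted inbound, then only what this host needs
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -p udp --dport 53 -m state --state NEW -j ACCEPT
-A OUTPUT -p tcp -m multiport --dports 80,443 -m state --state NEW -j ACCEPT
-A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
# anything else leaving the box is logged, then dropped by the policy
-A OUTPUT -j LOG --log-prefix "egress-drop: "
COMMIT
EOF
}

# Sanity checks to run on the generated text before loading it:
# count the rules in one chain, and confirm the table is terminated.
count_chain_rules() {   # usage: gen_ruleset | count_chain_rules INPUT
    grep -c "^-A $1 "
}

has_commit() {          # usage: gen_ruleset | has_commit
    grep -q '^COMMIT$'
}

# Replace the whole filter table atomically (needs root).
load_ruleset() {
    gen_ruleset | has_commit || { echo "ruleset lacks COMMIT, refusing to load" >&2; return 1; }
    gen_ruleset | iptables-restore
}

case "${1:-}" in
    show) gen_ruleset ;;
    load) load_ruleset ;;
    *)    ;;            # sourced, or run without arguments: do nothing
esac
```

Run it as `sh firewall.sh show` to inspect the text and `sudo sh firewall.sh load` to install it; `iptables-save > /etc/iptables.conf` afterwards gives you a file the SUSE init script will reload, exactly as in the reply. If you lock yourself out while testing the OUTPUT chain, the `egress-drop:` lines in the kernel log tell you which port to add.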
