An easy way to do it is to set the default input policy to drop:

    iptables -P INPUT DROP

Then only accept established and related connections coming in:

    iptables -A INPUT -i $ETH_INF -m state --state ESTABLISHED,RELATED -j ACCEPT

But beyond that, it looks like you should read up a little more on iptables; do a Google search for "iptables tutorial".

>>> linuser at esox.us 12/24/04 02:26AM >>>
Hi,

I am trying to get my router to share files and internet with two desktops on separate interfaces. I have the forwarding for samba and NAT going but I am trying to close the firewall to the outside world and I don't have the command quite right. I have this temporarily but it excludes eth1 from everything.

"iptables -I INPUT -p tcp --dport smtp -i ! eth2 -j REJECT"

I know there is a better way but I can't remember it. Any help is appreciated.

--
Dave Erickson ( http://www.esox.us/ ) <>< ;-)

_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
Help beta test TCLUG's potential new home: http://plone.mn-linux.org
Got pictures for TCLUG? Beta test http://plone.mn-linux.org/gallery
tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list
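
The approach in the reply above (default DROP, then accept only ESTABLISHED,RELATED on the outside interface), written as one ruleset in iptables-restore format so it loads in a single step, with no window where the policy is already DROP but the accept rules are still missing. This is an added example, not part of the original thread. The interface names are arguments, and the loopback, LAN-side and FORWARD rules go beyond what the reply states; they are assumptions about the setup.

```shell
#!/bin/sh
# Added example: emit a filter-table ruleset in iptables-restore format.
# Interface names are arguments; none of them are taken from the thread.
# usage: gen_ruleset WAN_IF LAN_IF [LAN_IF...]
gen_ruleset() {
    [ "$#" -ge 2 ] || { echo "usage: gen_ruleset WAN_IF LAN_IF..." >&2; return 2; }
    wan_if=$1; shift
    # Validate every name before printing anything, so a bad argument
    # never produces a partial ruleset.
    for ifname in "$wan_if" "$@"; do
        case $ifname in
            ''|*[!A-Za-z0-9._-]*) echo "bad interface name: $ifname" >&2; return 2 ;;
        esac
    done
    echo '*filter'
    # Default-deny for traffic addressed to the router and routed through it.
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    # Local services talking to themselves over loopback.
    echo '-A INPUT -i lo -j ACCEPT'
    # Replies to connections the router itself opened (the rule from the reply).
    echo "-A INPUT -i $wan_if -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for lan_if in "$@"; do
        # Assumption: the desktops are trusted to reach the router (Samba etc.)
        # and to be forwarded anywhere, including to the other LAN segment.
        echo "-A INPUT -i $lan_if -j ACCEPT"
        echo "-A FORWARD -i $lan_if -j ACCEPT"
    done
    # Return traffic for forwarded connections; nothing new from the outside.
    echo "-A FORWARD -i $wan_if -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo 'COMMIT'
}
```

As root, piping the output of `gen_ruleset WAN_IF LAN_IF...` into `iptables-restore --test` parses the ruleset without committing it; without `--test` it is loaded. Loading replaces the existing filter table; the nat table is left untouched.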