On 06/14/2007 11:02 PM, Jeffrey C. Ollie wrote:
> [15:24] skvidal: uno momento
> [15:24] skvidal: http://linux.duke.edu/~skvidal/misc/iptables-template

Regarding these rules...

Better would be to set the default input policy to DROP, if you don't do any logging at the end; or do logging :-)

You should also add a rule for *auth* tcp/113. Never drop that, accept it or reject it! Else any auth check will need to run into a timeout...

For host-based firewalls this is not needed, but if you have hosts behind this host (e.g. host acting as a gateway), you should also add rules like this for traceroute:

-A INPUT -m state --state NEW -p udp -m udp --dport 33434:33524 -j ACCEPT

-of
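
The three points raised in the mail above, turned into a check over `iptables-save` text. This is an added example, not part of the original mail or of the linked template; the function names and the sample ruleset are constructed for illustration.

```shell
# Reads iptables-save text on stdin and reports on policy/logging, tcp/113
# and the traceroute range. Assumption: only plain INPUT rules are inspected;
# chain traversal, multiport matches and user-defined chains are not simulated.
audit_input_chain() {
    awk '
    BEGIN { policy = "unknown" }
    $1 == ":INPUT" { policy = $2 }
    $1 == "-A" && $2 == "INPUT" {
        target = ""; proto = ""; dport = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-j") target = $(i + 1)
            if ($i == "-p") proto = $(i + 1)
            if ($i == "--dport") dport = $(i + 1)
        }
        if (target == "LOG") logging = 1
        # The first explicit tcp/113 rule decides how ident probes are answered.
        if (proto == "tcp" && (dport == "113" || dport == "auth") && ident == "")
            ident = target
        # The traceroute rule quoted in the mail.
        if (proto == "udp" && dport == "33434:33524" && target == "ACCEPT")
            traceroute = 1
    }
    END {
        if (policy != "DROP" && !logging)
            print "WARN policy: INPUT policy is " policy " and no LOG rule"
        else
            print "OK policy: default DROP or LOG rule present"
        if (ident == "ACCEPT" || ident == "REJECT")
            print "OK ident: tcp/113 answered with " ident
        else if (ident == "DROP")
            print "WARN ident: tcp/113 dropped, auth checks run into a timeout"
        else
            print "WARN ident: no explicit tcp/113 rule"
        if (traceroute)
            print "OK traceroute: udp 33434:33524 accepted"
        else
            print "INFO traceroute: udp 33434:33524 not accepted"
    }'
}
# Constructed sample ruleset (not the template linked in the mail).
sample_rules() {
    printf '%s\n' \
        ':INPUT DROP [0:0]' \
        '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT' \
        '-A INPUT -p tcp -m tcp --dport 113 -j REJECT --reject-with tcp-reset' \
        '-A INPUT -m state --state NEW -p udp -m udp --dport 33434:33524 -j ACCEPT'
}
sample_rules | audit_input_chain
```

On a live host the same function can be fed from `iptables-save` instead of the sample.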