[LARTC] Firewall Question?

Linux Advanced Routing and Traffic Control

I have an iptables firewall, version 1.2.5. I LOVE IPTABLES, SO MANY MORE
THINGS YOU CAN DO. I have a small network off my eth0 interface
(192.168.0.X network) and my ppp0 is my DSL connection. With the current
firewall, how would I block someone on my eth0 interface from going to
the Internet? I have tried many things here and had no luck.

Both my INPUT and OUTPUT use a DROP policy by default, and I am using
NAT to route my traffic to the Internet.



echo "1" > /proc/sys/net/ipv4/ip_dynaddr
echo 2 > /proc/sys/net/ipv4/conf/all/rp_filter
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route
echo 0 > /proc/sys/net/ipv4/tcp_timestamps
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
echo 1 > /proc/sys/net/ipv4/conf/all/log_martians
echo "32768 61000" > /proc/sys/net/ipv4/ip_local_port_range
echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
echo 2400 > /proc/sys/net/ipv4/tcp_keepalive_time
echo 0 > /proc/sys/net/ipv4/tcp_window_scaling
echo 0 > /proc/sys/net/ipv4/tcp_sack

modprobe ip_conntrack
modprobe ip_tables
modprobe iptable_filter
modprobe iptable_mangle
modprobe iptable_nat
modprobe ipt_LOG
modprobe ipt_REJECT
modprobe ipt_MASQUERADE
modprobe ip_conntrack_ftp
modprobe ipt_owner
modprobe ip_conntrack_irc
 
# Routing and NAT: forward everything, masquerade LAN traffic leaving ppp0
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o ppp0  -j MASQUERADE
iptables -A FORWARD  -j ACCEPT


# INPUT: traffic addressed to the router itself
iptables -A INPUT -i eth0 -j ACCEPT
iptables -A INPUT -i lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
iptables -A INPUT -i ppp0 -p udp     --dport 1024: -j ACCEPT
iptables -A INPUT -i ppp0 -p udp     --sport 67 --dport 68    -j ACCEPT
# DNS replies from the ISP's resolvers
iptables -A INPUT -i ppp0 -p udp -s 208.188.197.4 --sport 53 --dport 1024:65535 -j ACCEPT
iptables -A INPUT -i ppp0 -p udp -s 206.148.122.8 --sport 53 --dport 1024:65535 -j ACCEPT
iptables -A INPUT -i ppp0 -p udp -s 206.148.122.2 --sport 53 --dport 1024:65535 -j ACCEPT
iptables -A INPUT -i ppp0 -p tcp ! --syn -j ACCEPT
iptables -A INPUT -i ppp0 -p icmp -j DROP
iptables -P INPUT DROP



# OUTPUT: traffic originated by the router itself
iptables  -A  OUTPUT -d 192.168.0.0/24  -j ACCEPT
iptables  -A  OUTPUT -d 255.255.255.255 -j ACCEPT
iptables  -A  OUTPUT -d 127.0.0.1 -j ACCEPT
iptables  -P  OUTPUT DROP
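The rules in the message above do all their filtering in INPUT and OUTPUT, but a packet from a 192.168.0.X host that the box routes out over ppp0 never traverses those chains: it passes through FORWARD (and then the nat POSTROUTING hook where MASQUERADE rewrites the source). With "iptables -A FORWARD -j ACCEPT" in place, every LAN host is allowed out regardless of what INPUT and OUTPUT say. The following is an added example, not part of the original post, that blocks one LAN host in the FORWARD chain and replaces the accept-all FORWARD rule with a DROP policy plus a state match for return traffic. The interface names match the post; the blocked address 192.168.0.50 and the script name block-host.sh are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): block one LAN host from
# reaching the Internet through the MASQUERADE router described above.
# The interface names match the post; the blocked host address used in
# the usage line is an assumption chosen for illustration.
LAN_IF=eth0
WAN_IF=ppp0
LAN_NET=192.168.0.0/24

# Rules for a FORWARD chain with a DROP policy: return traffic is let back
# in by the state match, and only the LAN network may open new flows toward
# the WAN. Routed LAN traffic never traverses INPUT or OUTPUT, so those
# chains cannot be used to stop it.
forward_policy_rules() {
    printf 'iptables -P FORWARD DROP\n'
    printf 'iptables -F FORWARD\n'
    printf 'iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT\n'
    printf 'iptables -A FORWARD -i %s -o %s -s %s -j ACCEPT\n' "$LAN_IF" "$WAN_IF" "$LAN_NET"
}

# Rules that block a single host. They are inserted at the head of FORWARD
# (-I ... 1 and 2) so they are evaluated before any ACCEPT rule; with the
# post's "iptables -A FORWARD -j ACCEPT" in place, an appended DROP would
# never be reached. Filtering runs before POSTROUTING MASQUERADE, so -s
# still matches the private address. A rate-limited LOG rule precedes the
# DROP so the block shows up in the kernel log without flooding it.
block_host_rules() {
    host="$1"
    printf 'iptables -I FORWARD 1 -i %s -o %s -s %s -m limit --limit 3/min -j LOG --log-prefix "FWD-BLOCK: "\n' \
        "$LAN_IF" "$WAN_IF" "$host"
    printf 'iptables -I FORWARD 2 -i %s -o %s -s %s -j DROP\n' "$LAN_IF" "$WAN_IF" "$host"
}

# Count the iptables commands a generator function emits (sanity check).
rule_count() {
    "$@" | grep -c '^iptables '
}

# Execute the generated rules, echoing each one first. This only runs when
# the script is invoked as:   sh block-host.sh apply 192.168.0.50   (as root)
if [ "${1:-}" = apply ] && [ -n "${2:-}" ]; then
    { forward_policy_rules; block_host_rules "$2"; } | while IFS= read -r cmd; do
        echo "+ $cmd"
        eval "$cmd"
    done
fi
```

Two limits worth knowing: the rules only cover routed traffic, so the blocked host can still talk to the router itself (the post's INPUT chain accepts everything arriving on eth0), and matching on the source IP is only as strong as the host's address assignment, since a host that picks another 192.168.0.X address is no longer matched.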