I'd like to be able to deny all new connections to a firewall, with the exception of port 22 (sshd) and some ports I'd like to forward internally. Now, there is this nice feature Rusty describes to do that:

    iptables -A INPUT -i eth0 -m state --state NEW,INVALID -j DROP
    iptables -A FORWARD -i eth0 -m state --state NEW,INVALID -j DROP

However, it seems I can't make a rule that is using the state AND a source/dest port in there. E.g. the following won't work:

    iptables -A INPUT -i eth0 -m state --state NEW,INVALID --dport 22 -j DROP
    iptables -A INPUT -i eth0 -m state --state NEW,INVALID -j DROP
    iptables -A FORWARD -i eth0 -m state --state NEW,INVALID --dport 25 -j ACCEPT
    iptables -A FORWARD -i eth0 -m state --state NEW,INVALID -j DROP

Anyone? :)

Paul

-- 
Just patent your virus and sue the anti-virus companies for reverse engineering it.
--- cne_pc@xxxxxxxxxxxxxxxxxxxxxxxxx, in response to Norton's patent on "software updates"
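The reason the rules above are rejected is that --dport and --sport belong to the tcp/udp match, which iptables only loads once a protocol is named with -p tcp (or -p udp); the state match alone does not know those options. The script below is an added example, not part of the original post or of Rusty's HOWTO: it builds the rule set the post is asking for (accept established/related traffic, accept NEW only to tcp/22 on INPUT and tcp/25 on FORWARD, drop every other NEW or INVALID packet arriving on eth0) with the protocol match in place, and includes a small check that refuses any rule using a port option without -p tcp/-p udp. The interface name eth0, the iptables binary path and the --dry-run/--apply switches are assumptions of this example.

```shell
#!/bin/sh
# Added example: state + port filtering with iptables. Not from the original post.
# Assumptions: interface eth0 (override with IFACE=...), iptables in PATH (override with IPT=...).

IFACE="${IFACE:-eth0}"
IPT="${IPT:-iptables}"

# Emit the rule set, one iptables invocation per line. Order matters: the
# ESTABLISHED,RELATED and per-port NEW accepts must come before the final drop.
# Every rule that uses --dport names its protocol with -p tcp, which is what the
# rules in the post were missing.
rules() {
  cat <<EOF
$IPT -A INPUT -i $IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -i $IFACE -p tcp --dport 22 -m state --state NEW -j ACCEPT
$IPT -A INPUT -i $IFACE -m state --state NEW,INVALID -j DROP
$IPT -A FORWARD -i $IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A FORWARD -i $IFACE -p tcp --dport 25 -m state --state NEW -j ACCEPT
$IPT -A FORWARD -i $IFACE -m state --state NEW,INVALID -j DROP
EOF
}

# Read rules on stdin; return 1 if any rule uses --dport or --sport without
# also naming a protocol (-p tcp or -p udp). iptables would reject such a rule
# at load time, so catching it here keeps a half-applied rule set from happening.
check_rules() {
  if grep -e '--dport' -e '--sport' | grep -v -e '-p tcp' -e '-p udp' | grep -q .; then
    return 1
  fi
  return 0
}

case "$1" in
  --dry-run) rules ;;                                  # print the rules only
  --apply)   rules | check_rules && rules | sh ;;      # load them (needs root)
esac
```

Run it with --dry-run first to review the rules, then --apply as root; with no argument it only defines the functions. If the forwarded service lives on an internal host, the FORWARD accept for tcp/25 still needs a matching DNAT rule in the nat table's PREROUTING chain, which this example does not cover.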