firewall

Linux Advanced Routing and Traffic Control

Hi.

I'm trying to enable a firewall on my linux router.

eth0 router: Internet Connection
eth1 router: LAN connection

I want to allow my LAN users to browse web pages
and send and receive email, and nothing more, because
this router is connected to a VSAT connection, and
upload bandwidth is very small.

Also, I need to manage the Linux router from an Internet
host via ssh and ftp.

Is the following configuration OK?

Thank you very much.
... mac


iptables -A OUTPUT -p tcp --dport 80 -o eth0 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 25 -o eth0 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 110 -o eth0 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 22 -o eth0 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 21 -o eth0 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 20 -o eth0 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 53 -o eth0 -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT


# SYN-flood protection:
iptables -A OUTPUT -p tcp --syn -m limit --limit 1/s -j ACCEPT

# Stealth port scanning (port scanner):
iptables -A OUTPUT -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT

# Ping of death:
iptables -A OUTPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT


# iptables -A OUTPUT -m state --state NEW -i ! ppp0 -j ACCEPT
iptables -A OUTPUT -j DROP

_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
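The rules above are all in the OUTPUT chain, which netfilter consults only for packets the router itself originates; packets from LAN hosts that are routed out through eth0 cross the FORWARD chain instead, and traffic addressed to the router (the ssh and ftp management sessions) arrives through INPUT. The script below is an added example, not part of the original post, showing a stateful ruleset for the setup described (eth0 Internet, eth1 LAN; LAN limited to web, mail and DNS; ssh and ftp to the router from one Internet host). It assumes things the post does not state: that the LAN uses a private prefix and is NATed behind eth0 (LAN_NET), that management comes from a single fixed address (ADMIN_IP, a TEST-NET-3 placeholder), and that "web" includes https (443). Port 21 is accepted as asked, but note that ftp sends the login in the clear; the nf_conntrack_ftp helper is what lets the data connections match as RELATED.

```shell
#!/bin/sh
# Added example (not from the original post): a stateful two-interface
# router firewall. Assumed, not from the post: eth0 = WAN (VSAT), eth1 = LAN,
# LAN is RFC 1918 space behind NAT, management comes from one admin address.
set -eu

WAN="${WAN:-eth0}"
LAN="${LAN:-eth1}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"   # assumed LAN prefix
ADMIN_IP="${ADMIN_IP:-203.0.113.10}"   # assumed admin host (TEST-NET-3 placeholder)
IPT="${IPT:-iptables}"                  # set IPT=echo for a dry run

apply_rules() {
    # Clean slate, deny by default for traffic to and through the router.
    $IPT -F
    $IPT -t nat -F
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # Replies to connections we already allowed, in every chain.
    for chain in INPUT FORWARD OUTPUT; do
        $IPT -A "$chain" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    done
    $IPT -A INPUT -m conntrack --ctstate INVALID -j DROP
    $IPT -A FORWARD -m conntrack --ctstate INVALID -j DROP

    # --- Traffic to the router itself (INPUT) ---
    $IPT -A INPUT -i lo -j ACCEPT
    # Management from the Internet: only from ADMIN_IP, only ssh and ftp control.
    $IPT -A INPUT -i "$WAN" -s "$ADMIN_IP" -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
    $IPT -A INPUT -i "$WAN" -s "$ADMIN_IP" -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
    # FTP data connections match as RELATED once nf_conntrack_ftp is loaded.

    # --- Traffic from LAN hosts through the router (FORWARD) ---
    # Web (80, 443 assumed) and mail (25, 110) only; everything else is dropped.
    for port in 80 443 25 110; do
        $IPT -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -p tcp --dport "$port" \
            -m conntrack --ctstate NEW -j ACCEPT
    done
    # DNS is mostly UDP; TCP 53 is still needed for answers that do not fit a datagram.
    $IPT -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -p udp --dport 53 -j ACCEPT
    $IPT -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
    # Rate-limited log of what the LAN policy drops, so it can be tuned.
    $IPT -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FWD-DROP: "

    # Hide the LAN behind the router's WAN address (assumed private LAN, NAT).
    $IPT -t nat -A POSTROUTING -o "$WAN" -s "$LAN_NET" -j MASQUERADE
}

# Number of -A rules the script would install; useful for a dry run.
rule_count() {
    (IPT=echo; apply_rules) | grep -c -- '-A '
}

if [ "${1:-}" = "--dry-run" ]; then
    (IPT=echo; apply_rules)
elif [ "${1:-}" = "--apply" ]; then
    modprobe nf_conntrack_ftp 2>/dev/null || true
    apply_rules
    sysctl -w net.ipv4.ip_forward=1 >/dev/null
fi
```

Run it with `--dry-run` first to print the iptables commands without touching the kernel, then `--apply` as root. Because FORWARD's policy is DROP and only NEW connections to the listed ports are accepted from eth1 towards eth0, anything else a LAN host tries (peer-to-peer, other mail ports, direct connections from the Internet into the LAN) never reaches the VSAT link, which is what protects the small upload bandwidth.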
