I forgot the following data: Kernel 2.4.20, iptables 1.2.8, iproute (last stable), RH72 :-)

> Hi.
>
> I'm trying to enable a firewall on my linux router.
>
> eth0 router: Internet connection
> eth1 router: LAN connection
>
> I want to allow my LAN users to browse web pages and to send and
> receive email, and nothing more, because this router is connected
> to a VSAT connection and upload bandwidth is very small.
>
> Also, I need to manage the Linux router from an Internet host via
> ssh and ftp.
>
> Is the following configuration OK?
>
> Thank you very much.
> ... mac
>
>
> iptables -A OUTPUT -p tcp --dport 80 -o eth0 -j ACCEPT
> iptables -A OUTPUT -p tcp --dport 25 -o eth0 -j ACCEPT
> iptables -A OUTPUT -p tcp --dport 110 -o eth0 -j ACCEPT
> iptables -A OUTPUT -p tcp --dport 22 -o eth0 -j ACCEPT
> iptables -A OUTPUT -p tcp --dport 21 -o eth0 -j ACCEPT
> iptables -A OUTPUT -p tcp --dport 20 -o eth0 -j ACCEPT
> iptables -A OUTPUT -p tcp --dport 53 -o eth0 -j ACCEPT
> iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>
>
> # Protection against Syn-flood (flooding with Syn packets):
> iptables -A OUTPUT -p tcp --syn -m limit --limit 1/s -j ACCEPT
>
> # Stealth port scanning (port scanner):
> iptables -A OUTPUT -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
>
> # Ping of death:
> iptables -A OUTPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
>
>
> # iptables -A OUTPUT -m state --state NEW -i ! ppp0 -j ACCEPT
> iptables -A OUTPUT -j DROP

_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
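As an added example, not part of the original post or the LARTC list, here is a ruleset for the router described above placed in the chains a router actually uses: traffic crossing the router from the LAN is evaluated in FORWARD and the router's own ssh/ftp services in INPUT, while OUTPUT only sees packets the router itself originates. It keeps the post's interfaces (eth0 Internet, eth1 LAN) and TCP ports, and adds udp/53 because DNS lookups normally use UDP. LAN_NET and ADMIN_IP are assumed placeholders, and the script only prints the commands unless run with `apply`.

```shell
#!/bin/sh
# Added example (not from the original post): iptables ruleset for the router
# described there. eth0 = Internet and eth1 = LAN come from the post; LAN_NET
# and ADMIN_IP are assumed placeholders, replace them before use.
#   sh fw.sh         -> preview the iptables commands
#   sh fw.sh apply   -> run them (as root, on the router)
WAN=eth0
LAN=eth1
LAN_NET=${LAN_NET:-192.168.1.0/24}   # assumed LAN subnet
ADMIN_IP=${ADMIN_IP:-203.0.113.10}   # assumed admin host (documentation address)

# $1 is the command prefix: "iptables" to apply, "echo iptables" to preview.
build_rules() {
    IPT=$1
    # Default-deny on all three chains. Traffic crossing the router
    # (LAN <-> Internet) is decided in FORWARD; OUTPUT only sees packets
    # the router itself sends, INPUT only packets addressed to the router.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT DROP
    # Replies to connections that were already accepted. With the
    # ip_conntrack_ftp module loaded this also covers ftp-data.
    for chain in INPUT FORWARD OUTPUT; do
        $IPT -A $chain -m state --state ESTABLISHED,RELATED -j ACCEPT
    done
    # LAN users: web, SMTP, POP3 and DNS only, and only connections
    # opened from the LAN side (nothing inbound to LAN hosts).
    for port in 80 25 110 53; do
        $IPT -A FORWARD -i $LAN -o $WAN -s $LAN_NET -p tcp --dport $port \
            -m state --state NEW -j ACCEPT
    done
    $IPT -A FORWARD -i $LAN -o $WAN -s $LAN_NET -p udp --dport 53 -j ACCEPT
    # Router administration: ssh and ftp, but only from the admin host.
    for port in 22 21; do
        $IPT -A INPUT -i $WAN -s $ADMIN_IP -p tcp --dport $port \
            -m state --state NEW -j ACCEPT
    done
    # The router's own outbound traffic: DNS lookups only.
    $IPT -A OUTPUT -o $WAN -p udp --dport 53 -j ACCEPT
    $IPT -A OUTPUT -o $WAN -p tcp --dport 53 -j ACCEPT
    # Loopback, used by local services.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT
}

case "${1:-preview}" in
    apply)   build_rules iptables ;;
    preview) build_rules "echo iptables" ;;
esac
```

Preview the output first and load ip_conntrack_ftp before applying, otherwise ftp data connections to the router are not matched as RELATED.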