I am just configuring a machine and would like to set up a firewall on it using iptables. I am keen on setting it up properly on the first go since I don't want to be left with a machine that I can't ssh into.
The machine has just one NIC, eth0, which is connected to the net. There is no NAT or MASQ to be done.
Here is what I have so far.
/sbin/iptables -N block
/sbin/iptables -A block -p ICMP -j ACCEPT
/sbin/iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A block -j DROP

/sbin/iptables -A INPUT -j block
/sbin/iptables -A FORWARD -j block
What rules do I need to add to the block chain to allow any new connections from the machine to the outside world? Would it just be
/sbin/iptables -A block -m state --state NEW -o eth0 -j ACCEPT
I am also going to be hosting a site, so the following rule will be added as well:
/sbin/iptables -I block -p tcp --dport 80 -j ACCEPT
Do these rules sound about right?
Thanks and regards,
Shri
-- 
------------------------------------------------------------------------
Shri Shrikumar          U R Byte Solutions        Tel: 0845 644 4745
I.T. Consultant         Edinburgh, Scotland       Mob: 0773 980 3499
                        Web: www.urbyte.com       Email: shri@xxxxxxxxxx
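The rule set the post describes, written out as an added example (not the poster's script) for a single-NIC host. It keeps the poster's block chain but adds an explicit SSH accept so the lockout the post worries about cannot happen, and a timed rollback for remote sessions; outbound connections are covered by an ACCEPT policy on OUTPUT rather than a NEW rule with -o eth0, because a chain called from INPUT has no output interface and such a rule would never match there. eth0, port 22 and the 5-minute rollback window are assumptions; IPT defaults to echo so the script prints the commands instead of applying them.

```shell
#!/bin/sh
# Dry run by default: IPT="echo /sbin/iptables" prints each command.
# Run with the argument "apply" to execute them for real (needs root).
IPT="${IPT:-echo /sbin/iptables}"

firewall_rules() {
    # Rebuild from a clean, permissive state so an active SSH session
    # is not cut off between flushing and re-adding the rules.
    $IPT -P INPUT ACCEPT
    $IPT -P FORWARD ACCEPT
    $IPT -P OUTPUT ACCEPT
    $IPT -F
    $IPT -X
    $IPT -N block
    # Loopback, replies to our own connections, and ICMP (assumption:
    # ICMP is wanted, as in the post).
    $IPT -A block -i lo -j ACCEPT
    $IPT -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A block -p icmp -j ACCEPT
    # Services offered to the outside: SSH (assumed port 22) and the web site.
    $IPT -A block -p tcp --dport 22 -m state --state NEW -j ACCEPT
    $IPT -A block -p tcp --dport 80 -m state --state NEW -j ACCEPT
    # Everything else inbound is dropped; keep this as the last block rule.
    $IPT -A block -j DROP
    $IPT -A INPUT -j block
    $IPT -A FORWARD -j block
    # No block chain on OUTPUT: all locally originated traffic may leave,
    # and its replies come back through the ESTABLISHED,RELATED rule.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
}

# Safety net when applying over SSH: if the admin cannot reconnect within
# 5 minutes (assumed window), the firewall is reopened automatically.
schedule_rollback() {
    ( sleep 300 && $IPT -P INPUT ACCEPT && $IPT -F ) &
    echo "rollback scheduled as pid $!; kill it once a fresh SSH login works"
}

case "${1:-}" in
    apply) IPT=/sbin/iptables; firewall_rules; schedule_rollback ;;
    *)     firewall_rules ;;
esac
```

Test the applied rules with a second SSH login rather than the existing session, since the existing one is already ESTABLISHED and says nothing about whether NEW connections get through.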