What about the destination IPs? These rules will allow from internal to any of the destination and external to any of the internal IPs, which is of course dangerous. So I do suggest you define the rules for the destinations also (-d). And do not allow all the protocols.
Regards
Dharmendra T.
On Wed, 2003-06-04 at 20:45, Jun Sun wrote:
On Wed, Jun 04, 2003 at 11:12:37AM +0530, Dharmendra.T wrote:
> Yes, but after that you are allowing everything from all the
> interfaces. Which is not recommended to do so.
>

Eh? Which rules allow everything from all interfaces?

I have the following, which only allow all packets with the right IP address range from internal interface and lo:

    $IPTABLES -A INPUT -p ALL -i $INTIF -s $INTLAN -j ACCEPT
    $IPTABLES -A INPUT -p ALL -i $LOIF -s $LOIP -j ACCEPT
    $IPTABLES -A INPUT -p ALL -i $LOIF -s $INTIP -j ACCEPT
    $IPTABLES -A INPUT -p ALL -i $LOIF -s $EXTIP -j ACCEPT

Jun
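The suggestion at the top of this message (match destinations with -d and avoid -p ALL), set beside the quoted rules as an added example that is not part of the original thread. Interface names, addresses and the permitted services (SSH and ping) are assumptions, and the script only prints the rules instead of applying them.

```shell
#!/bin/sh
# Added example, not from the thread. All values below are constructed
# placeholders (assumptions), not the poster's real configuration.
IPTABLES="echo iptables"   # dry run: prints each rule; point at the real binary to apply
INTIF="eth1"; INTLAN="192.168.1.0/24"; INTIP="192.168.1.1"
LOIF="lo";    LOIP="127.0.0.1"
EXTIP="203.0.113.10"       # documentation-range address

# The rules as quoted in the thread: interface and source are matched,
# but any destination and any protocol are accepted.
quoted_rules() {
    $IPTABLES -A INPUT -p ALL -i "$INTIF" -s "$INTLAN" -j ACCEPT
    $IPTABLES -A INPUT -p ALL -i "$LOIF" -s "$LOIP" -j ACCEPT
    $IPTABLES -A INPUT -p ALL -i "$LOIF" -s "$INTIP" -j ACCEPT
    $IPTABLES -A INPUT -p ALL -i "$LOIF" -s "$EXTIP" -j ACCEPT
}

# Same intent with a destination on every rule and named protocols for LAN traffic.
tightened_rules() {
    # LAN hosts may reach only the firewall's internal address,
    # and only SSH and ping (assumed services).
    $IPTABLES -A INPUT -p tcp -i "$INTIF" -s "$INTLAN" -d "$INTIP" --dport 22 -j ACCEPT
    $IPTABLES -A INPUT -p icmp --icmp-type echo-request -i "$INTIF" -s "$INTLAN" -d "$INTIP" -j ACCEPT
    # Loopback: each local source address is pinned to the matching destination.
    # Protocol is left open here by choice, since this traffic never leaves the host.
    $IPTABLES -A INPUT -i "$LOIF" -s "$LOIP" -d "$LOIP" -j ACCEPT
    $IPTABLES -A INPUT -i "$LOIF" -s "$INTIP" -d "$INTIP" -j ACCEPT
    $IPTABLES -A INPUT -i "$LOIF" -s "$EXTIP" -d "$EXTIP" -j ACCEPT
}

echo "# quoted rules"
quoted_rules
echo "# with destinations and protocols restricted"
tightened_rules
```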