Re: Any holes in this firewall script?

Hi Jun,
What about the destination IPs? These rules will allow from internal to any of the destinations and external to any of the internal IPs, which is of course dangerous. So I do suggest you define the rules for the destinations also (-d). And do not allow all the protocols.

Regards
Dharmendra T.
On Wed, 2003-06-04 at 20:45, Jun Sun wrote:
On Wed, Jun 04, 2003 at 11:12:37AM +0530, Dharmendra.T wrote:
> Yes, but after that you are allowing everything from all the
> interfaces.  Which is not recommended to do so.
>

Eh?  Which rules allow everything from all interfaces?

I have the following, which only allow all packets with the right
IP address range from internal interface and lo:

$IPTABLES -A INPUT -p ALL -i $INTIF -s $INTLAN -j ACCEPT
$IPTABLES -A INPUT -p ALL -i $LOIF -s $LOIP -j ACCEPT
$IPTABLES -A INPUT -p ALL -i $LOIF -s $INTIP -j ACCEPT
$IPTABLES -A INPUT -p ALL -i $LOIF -s $EXTIP -j ACCEPT

Jun
-- 
Regards
Dharmendra.T
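
The two checks suggested in the reply above (a destination match with -d, and not accepting all protocols), written as a small lint over iptables rule lines. This is an added example, not part of the original messages; the function names and the fifth sample rule are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): lint iptables rule lines for the two
# points the reply raises. Input is script text, so $INTIF etc. stay literal.

# Rules from the message, plus line 5: a constructed, tighter rule for contrast.
sample_rules() {
    cat <<'EOF'
$IPTABLES -A INPUT -p ALL -i $INTIF -s $INTLAN -j ACCEPT
$IPTABLES -A INPUT -p ALL -i $LOIF -s $LOIP -j ACCEPT
$IPTABLES -A INPUT -p ALL -i $LOIF -s $INTIP -j ACCEPT
$IPTABLES -A INPUT -p ALL -i $LOIF -s $EXTIP -j ACCEPT
$IPTABLES -A INPUT -p tcp -i $INTIF -s $INTLAN -d $INTIP --dport 22 -j ACCEPT
EOF
}

# Print "<line>: <finding>" for every ACCEPT rule that has no destination
# match or that accepts all protocols (-p ALL, or no -p option at all).
audit_rules() {
    lineno=0
    while IFS= read -r rule; do
        lineno=$((lineno + 1))
        case " $rule " in
            *" -j ACCEPT "*) ;;
            *) continue ;;
        esac
        has_dst=no
        proto=all
        set -f              # no globbing while the rule is split into words
        set -- $rule
        set +f
        while [ $# -gt 0 ]; do
            case "$1" in
                -d|--dst|--destination) has_dst=yes ;;
                -p|--protocol) proto=${2:-all} ;;
            esac
            shift
        done
        if [ "$has_dst" = no ]; then
            echo "$lineno: no destination match (-d)"
        fi
        case "$proto" in
            all|ALL|All) echo "$lineno: all protocols accepted (-p $proto)" ;;
        esac
    done
}

sample_rules | audit_rules
```

Each of the four rules from the message produces both findings; the constructed fifth rule produces none.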

