On Thu, 2003-08-14 at 20:28, Payal Rathod wrote:
> Hi,
> I have designed a simple firewall ruleset. Can someone please check
> them?
> It is kept at http://payal.staticky.com/firewall-1.txt

1. FTP, SSH and HTTP are only TCP. You can remove the UDP rules.

2. You should never see any packets coming from 127.0.0.1 going to any
   other IP-address than 127.0.0.1. To allow localhost traffic just do

     iptables -A INPUT -i lo -j ACCEPT
     iptables -A OUTPUT -o lo -j ACCEPT

3. Last output rule seems bogus. You probably mean -d 0/0 but you can
   omit that since it is the default value.

4. First and last rule in the Forward chain do the same. Drop one of
   them. (I would drop the first one ;-)

5. You can use connection tracking for the INPUT and OUTPUT chains as
   well.

Cheers,

Ralf

--
Ralf Spenneberg RHCE, RHCX
Book: Intrusion Detection für Linux Server
http://www.spenneberg.com
IPsec-Howto http://www.ipsec-howto.org
Honeynet Project Mirror: http://honeynet.spenneberg.org
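The five review points above can be turned into an automated check that runs over an iptables command script before it is loaded. The following is an added example, not code from the thread or from either poster; the two rulesets it contains are constructed here for illustration (the ruleset actually linked in the question is not reproduced on this page). SAMPLE_RULES exhibits each of the five problems the reply lists, and HARDENED_RULES applies the advice, including the two loopback rules quoted in point 2. The option parser is deliberately minimal (no support for "!" negation or for options that take no value) and the finding codes are names chosen for this example.

```python
import shlex
from collections import defaultdict

# Services the reply names as TCP-only; a UDP rule for these ports is dead weight.
TCP_ONLY_PORTS = {"21": "FTP", "22": "SSH", "80": "HTTP"}
# Spellings of "any address": the default for -s/-d, so writing it out is redundant.
ANY_ADDR = {"0/0", "0.0.0.0/0", "0.0.0.0/0.0.0.0"}
LOOPBACK_PREFIX = ("127.",)

# Constructed ruleset with the issues from the reply (NOT the one linked in the thread).
SAMPLE_RULES = "\n".join([
    "iptables -A INPUT -p tcp --dport 21 -j ACCEPT",   # line 1
    "iptables -A INPUT -p udp --dport 21 -j ACCEPT",   # line 2: FTP is TCP only
    "iptables -A INPUT -p tcp --dport 22 -j ACCEPT",   # line 3
    "iptables -A INPUT -p udp --dport 22 -j ACCEPT",   # line 4: SSH is TCP only
    "iptables -A INPUT -p tcp --dport 80 -j ACCEPT",   # line 5
    "iptables -A INPUT -p udp --dport 80 -j ACCEPT",   # line 6: HTTP is TCP only
    "iptables -A INPUT -s 127.0.0.1 -j ACCEPT",        # line 7: loopback by address
    "iptables -A OUTPUT -s 127.0.0.1 -d 0/0 -j ACCEPT",  # line 8: loopback + redundant -d 0/0
    "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT",  # line 9
    "iptables -A FORWARD -j DROP",                     # line 10
    "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT",  # line 11: duplicate of 9
])

# Constructed ruleset following the five points (loopback by interface, TCP only,
# no redundant 0/0, no duplicates, connection tracking on INPUT and OUTPUT).
HARDENED_RULES = "\n".join([
    "iptables -A INPUT -i lo -j ACCEPT",
    "iptables -A OUTPUT -o lo -j ACCEPT",
    "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT",
    "iptables -A INPUT -p tcp --dport 21 -m state --state NEW -j ACCEPT",
    "iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT",
    "iptables -A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT",
    "iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT",
    "iptables -A FORWARD -j DROP",
])


def parse_rule(line):
    """Turn one 'iptables ...' command line into a dict of option -> value.
    Only option/value pairs are recorded (e.g. -A INPUT, --dport 22); bare
    flags and '!' negation are not handled by this minimal parser."""
    toks = shlex.split(line)
    if not toks or toks[0] != "iptables":
        return None
    opts, i = {}, 1
    while i < len(toks):
        tok = toks[i]
        if tok.startswith("-") and i + 1 < len(toks) and not toks[i + 1].startswith("-"):
            opts[tok] = toks[i + 1]
            i += 2
        else:
            i += 1
    return opts


def lint_ruleset(text):
    """Apply the five review points to a ruleset script.
    Returns a sorted list of (line_no, code, message); chain-level findings use line 0."""
    findings = []
    seen = defaultdict(dict)   # chain -> normalized rule -> first line number
    stateful = set()           # chains that use connection tracking at all
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opts = parse_rule(line)
        if opts is None:
            continue
        chain = opts.get("-A", "?")
        proto, dport = opts.get("-p", "").lower(), opts.get("--dport")
        # 1. FTP, SSH and HTTP are TCP-only.
        if proto == "udp" and dport in TCP_ONLY_PORTS:
            findings.append((no, "UDP_FOR_TCP_SERVICE",
                             f"{TCP_ONLY_PORTS[dport]} is TCP only; drop the UDP rule"))
        # 2. Loopback traffic is identified by interface, not by 127.x address.
        src, dst = opts.get("-s", ""), opts.get("-d", "")
        if (src.startswith(LOOPBACK_PREFIX) or dst.startswith(LOOPBACK_PREFIX)) \
                and "-i" not in opts and "-o" not in opts:
            findings.append((no, "LOOPBACK_BY_ADDRESS", "use -i lo / -o lo instead"))
        # 3. '-d 0/0' (or '-s 0/0') is the default and can be omitted.
        for flag in ("-s", "-d"):
            if opts.get(flag) in ANY_ADDR:
                findings.append((no, "REDUNDANT_ANY", f"{flag} {opts[flag]} is the default; omit it"))
        # 4. An identical rule later in the same chain can never add anything.
        key = tuple(sorted((k, v) for k, v in opts.items() if k != "-A"))
        if key in seen[chain]:
            findings.append((no, "DUPLICATE_RULE", f"same as line {seen[chain][key]} in {chain}"))
        else:
            seen[chain][key] = no
        if "--state" in opts or opts.get("-m") in ("state", "conntrack"):
            stateful.add(chain)
    # 5. Connection tracking belongs on INPUT and OUTPUT too, not only FORWARD.
    for chain in ("INPUT", "OUTPUT"):
        if chain in seen and chain not in stateful:
            findings.append((0, "NO_CONNTRACK", f"chain {chain} uses no --state matching"))
    return sorted(findings)


if __name__ == "__main__":
    for name, rules in (("sample", SAMPLE_RULES), ("hardened", HARDENED_RULES)):
        print(f"== {name}: {len(lint_ruleset(rules))} finding(s)")
        for no, code, msg in lint_ruleset(rules):
            print(f"  line {no:>2}  {code:<20} {msg}")
```

Running it lists nine findings for the constructed sample (three UDP rules, two loopback-by-address rules, one redundant "-d 0/0", one duplicate FORWARD rule, and a missing-conntrack note for both INPUT and OUTPUT) and none for the hardened set. The duplicate check normalizes each rule to its sorted option set, so it catches the repeated FORWARD rule regardless of option order but not rules that differ only cosmetically in how an address is spelled.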