Re: is this correct ?

On Friday 06 February 2004 12:01 pm, Aleksandr Guidrevitch wrote:

> Can anyone say if my config below is correct (/etc/sysconfig/iptables)?
> Well, it seems to work as expected, but it is so simple,
> maybe I'm missing some important security points?

You are certainly missing some important security.

Take a look at some of the documentation for netfilter, referenced from the
netfilter website, such as Oskar Andreasson's excellent tutorial at
http://iptables-tutorial.frozentux.net/iptables-tutorial.html and pay
particular attention to the meaning of the INPUT, FORWARD and OUTPUT chains.
Specifically, packets being routed *through* the firewall from your LAN to
the Internet (or vice versa) do *not* go through INPUT or OUTPUT...

Regards,

Antony.

> ------
> *nat
> -A POSTROUTING -o ppp0 -j MASQUERADE
> COMMIT
>
> *mangle
> COMMIT
>
> *filter
> -A INPUT -i ppp0 -p icmp -j ACCEPT
>
> # disabling not established and not related connections
> -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> -A INPUT -i ppp0 -j DROP
>
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
>
> COMMIT

-- 
Anyone that's normal doesn't really achieve much.

 - Mark Blair, Australian rocket engineer

                                                     Please reply to the list;
                                                           please don't CC me.
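As an added illustration of Antony's point (this is not part of his reply or of Aleksandr's original post): the quoted config only filters INPUT, so traffic routed between the LAN and ppp0 passes through the FORWARD chain unfiltered under its ACCEPT policy. Below is one way the same /etc/sysconfig/iptables could be written so that routed traffic is also controlled. It assumes eth0 is the LAN-side interface (an assumption; the original post only names ppp0) and keeps the period-appropriate `-m state` match from the original.

```text
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# hide LAN addresses behind the dynamic ppp0 address (same as the original)
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT

*filter
# default-deny for traffic to the firewall itself and for routed traffic;
# outbound traffic from the firewall is left open
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]

# traffic to the firewall host itself (INPUT)
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -i ppp0 -p icmp -j ACCEPT
# assumption: eth0 is the LAN; let LAN hosts reach services on the firewall
-A INPUT -i eth0 -j ACCEPT

# traffic routed through the firewall (FORWARD): this is the chain the
# original config never touched
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m state --state INVALID -j DROP
# new connections are only allowed from the LAN out to the Internet;
# anything arriving on ppp0 that is not a reply falls through to DROP
-A FORWARD -i eth0 -o ppp0 -j ACCEPT
COMMIT
```

The empty `*mangle` table from the original is omitted since it contained no rules. After loading this with iptables-restore, `iptables -L FORWARD -v -n` shows per-rule packet and byte counters; if LAN hosts are browsing the Internet and those counters stay at zero, the routed traffic is not taking the path you think it is (for example, IP forwarding is disabled or a different interface is in use), which is exactly the kind of check the original "it seems to work" would not have caught.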


