I am new to IPTables
and moderately experienced in Linux in general so please forgive me if this is a
noob question.
I have an FTP server
that I would like to filter out all external traffic except ftp and ftp-data.
This same server has an internal interface that I would like to allow everything
on the inside to have access to. Given what I've read I have come up with this
general idea of what to put into a filter table for now. Please let me know what
your gurus of netfilter think. Thanks!
iptables -I INPUT -i eth0 -j ACCEPT
iptables -I INPUT -i eth1 -d port 21 -j ACCEPT
iptables -I INPUT -i eth1 -d port 20 -j ACCEPT
iptables -I INPUT -i eth1 -j deny
iptables -I INPUT -i eth1 -d port 21 -j ACCEPT
iptables -I INPUT -i eth1 -d port 20 -j ACCEPT
iptables -I INPUT -i eth1 -j deny
I am assuming this
is similar to Cisco access lists in that it will read along the filter list
until a hit is made then take action. Please correct me if I am
wrong.
TIA
