On Tuesday 13 April 2004 10:28 pm, Luis GUSTAVO wrote:

> Hi,
>
> I'm looking for a script for my ADSL connection.

Er, that's not a very helpful description, but anyway...

> I found this:
>
> iptables -F
> iptables -P INPUT DROP
> iptables -P OUTPUT DROP
> iptables -P FORWARD DROP
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A OUTPUT -p tcp --dport 22 -j ACCEPT
> iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
> iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT

Hmmm. Looks like one of mine :)

> When I applied these rules, my client machines can't access my
> machine.

I tell you what - you let us know what you'd like your firewall to do, and we might be able to help you.

If you don't tell us what your network setup is, and what you want your firewall to do for you, we might not be able to suggest the perfect ruleset for your needs.

I *did* say when I posted the above ruleset that it allowed me to access *from* the machine the rules were running on *to* other systems by SSH, and blocked *all access in to my machine* (which is what I consider to be secure).

Therefore the fact that after you've applied these rules to your machine, your clients can't access the system, suggests that the ruleset is working correctly.

Tell us what you'd like to be different (and preferably tell us what you've tried yourself and had problems with) and we'll see what we can do to help.

Regards,

Antony

-- 
"640 kilobytes (of RAM) should be enough for anybody."
 - Bill Gates

Please reply to the list; please don't CC me.
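
Added example, not part of the message above or of the original script: a small Python model of first-match rule evaluation, loaded with the quoted ruleset, showing which packets it accepts and which fall through to the DROP policies. The `verdict` helper and the sample packets are constructed for illustration and model only the matches this ruleset uses (-p, --dport, -m state).

```python
# Toy first-match evaluator for the ruleset quoted in the message above.
# Constructed model (only -p, --dport, -m state); not how netfilter is built.
POLICY = {"INPUT": "DROP", "OUTPUT": "DROP", "FORWARD": "DROP"}

# (chain, match criteria, target), in the order the rules were appended.
RULES = [
    ("INPUT", {"state": {"ESTABLISHED", "RELATED"}}, "ACCEPT"),
    ("OUTPUT", {"proto": "tcp", "dport": 22}, "ACCEPT"),
    ("OUTPUT", {"proto": "udp", "dport": 53}, "ACCEPT"),
    ("OUTPUT", {"proto": "tcp", "dport": 53}, "ACCEPT"),
]

def verdict(chain, proto, dport, state):
    """Return the target of the first matching rule, else the chain policy."""
    for rule_chain, match, target in RULES:
        if rule_chain != chain:
            continue
        if "state" in match and state not in match["state"]:
            continue
        if "proto" in match and proto != match["proto"]:
            continue
        if "dport" in match and dport != match["dport"]:
            continue
        return target
    return POLICY[chain]

# Constructed sample packets: (description, chain, proto, dport, conntrack state)
SAMPLES = [
    ("client opens SSH to this host", "INPUT", "tcp", 22, "NEW"),
    ("client opens HTTP to this host", "INPUT", "tcp", 80, "NEW"),
    ("this host opens SSH to a remote system", "OUTPUT", "tcp", 22, "NEW"),
    ("reply to that outbound SSH session", "INPUT", "tcp", 40000, "ESTABLISHED"),
    ("this host sends a DNS query", "OUTPUT", "udp", 53, "NEW"),
    ("this host opens HTTP to a remote server", "OUTPUT", "tcp", 80, "NEW"),
    # No state rule on OUTPUT: a reply from a local service (source port 22,
    # destination an ephemeral client port) matches nothing in that chain.
    ("local sshd replies to a client", "OUTPUT", "tcp", 51000, "ESTABLISHED"),
]

def evaluate_samples():
    """Map each sample description to the verdict the ruleset gives it."""
    return {desc: verdict(c, p, d, s) for desc, c, p, d, s in SAMPLES}

if __name__ == "__main__":
    for desc, result in evaluate_samples().items():
        print(f"{result:6}  {desc}")
```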