Re: ipfilter on satellite receive only PC

On Saturday 26 June 2004 9:28 am, Askar Ali Khan wrote:

> this is out im running on my slackware, adjust it to your needs :)

That's okay - I run Slackware too :)

> #!/bin/bash
> #
> # Basic script to keep the nasties out of slack-lap
>
> # First we make the default policy to drop everything
> iptables -P INPUT DROP
> iptables -P FORWARD DROP
>
> # Allow established connections and programs that use loopback
>
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT

# Also allow established connections *through* the router, as well as *to* it:

iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# Now allow first packets of the connections we want to become established

iptables -A FORWARD -i eth0 -p tcp --dport 80 -j ACCEPT
iptables -A FORWARD -i eth0 -p udp --dport 53 -j ACCEPT
iptables -A FORWARD -i eth0 -p tcp --dport 53 -j ACCEPT

> # Let's allow ssh to connect
>
> iptables -A INPUT -p tcp --dport 22 -i ppp0 -j ACCEPT
>
> #end script

The above rules should allow machines on your internal network (assumed to be 
connected to eth0, adjust if otherwise) to do DNS lookups and HTTP requests 
to the outside world.

Hopefully this gives you a template to which you can add more rules for 
whatever other protocols you want to allow.

Regards,

Antony.

-- 
The words "e pluribus unum" on the Great Seal of the United States are from a 
poem by Virgil entitled "Moretum", which is about cheese and garlic salad 
dressing.

                                                     Please reply to the list;
                                                           please don't CC me.
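A small Python model of what the FORWARD rules assembled in the reply do, added here as an illustration and not code from the thread. It assumes eth0 is the LAN side and ppp0 the Internet side, uses constructed addresses, and stands in for the real connection tracker in simplified form (no RELATED handling, no timeouts); it shows why the state rule is needed for replies while unsolicited inbound packets still hit the DROP policy.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    iface: str    # interface the packet arrived on ("eth0" = LAN, "ppp0" = Internet)
    proto: str    # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int

class Router:
    """Model of the FORWARD chain assembled in the reply: default DROP,
    replies accepted by connection state, new flows only from eth0 to
    tcp/80, udp/53 and tcp/53. RELATED and timeouts are left out."""

    ALLOWED_NEW = {("tcp", 80), ("udp", 53), ("tcp", 53)}

    def __init__(self):
        self.conntrack = set()   # (proto, src, sport, dst, dport) of accepted flows

    def state(self, p):
        fwd = (p.proto, p.src, p.sport, p.dst, p.dport)
        rev = (p.proto, p.dst, p.dport, p.src, p.sport)
        return "ESTABLISHED" if fwd in self.conntrack or rev in self.conntrack else "NEW"

    def forward(self, p):
        # iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
        if self.state(p) == "ESTABLISHED":
            return "ACCEPT"
        # iptables -A FORWARD -i eth0 -p tcp --dport 80 -j ACCEPT (and the two DNS rules)
        if p.iface == "eth0" and (p.proto, p.dport) in self.ALLOWED_NEW:
            self.conntrack.add((p.proto, p.src, p.sport, p.dst, p.dport))
            return "ACCEPT"
        # iptables -P FORWARD DROP
        return "DROP"

def demo():
    """Run four constructed packets through the model and return the verdicts."""
    r = Router()
    lan, web = "192.168.1.10", "203.0.113.5"   # constructed addresses
    out = r.forward(Packet("eth0", "tcp", lan, 40000, web, 80))         # LAN -> web: new, allowed
    reply = r.forward(Packet("ppp0", "tcp", web, 80, lan, 40000))       # reply: ESTABLISHED
    unsolicited = r.forward(Packet("ppp0", "tcp", web, 5555, lan, 80))  # inbound new: dropped
    smtp = r.forward(Packet("eth0", "tcp", lan, 40001, web, 25))        # LAN -> port 25: not listed
    return out, reply, unsolicited, smtp

if __name__ == "__main__":
    print(demo())
```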
