> > Accept traffic from my private LAN.
> >
> > # Special OUTPUT rules to decide which IP's to allow.
> >
> > $IPTABLES -A OUTPUT -p ALL -s $LO_IP -j ACCEPT
> > $IPTABLES -A OUTPUT -p ALL -s $LAN_IP -j ACCEPT
> > $IPTABLES -A OUTPUT -p ALL -s $INET_IP -j ACCEPT
> >
> > To allow outbound traffic. This correct? I had question here.
>
> errr...how about:
>
> iptables -A OUTPUT -j ACCEPT
>
> or just:
>
> iptables -P OUTPUT ACCEPT
>
> if someone can change the source IP of packets associated with
> locally-generated packets, you have bigger problems than a firewall rule
> that checks source IPs.

Agreed, but is that any reason to make it easier for them? I use similar
rules which BTW are out of Oskar's Tutorial. While I thankfully haven't
seen it yet on a Linux box (and with any luck I won't), on Windows boxes
it's not unusual for programs to create or use interfaces and assign IPs
to them and then use these interfaces to query your network. AOL does
this constantly and although I believe they are trying to determine the
most appropriate server to assign to your connection, it's still
unnerving to see public IPs on your LAN. :-p

Jeff
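An added example, not part of the thread: the source-restricted OUTPUT rules quoted above only have an effect when the chain's policy is not ACCEPT, so this sketch pairs them with a DROP policy and a rate-limited LOG rule that records locally generated packets with any other source address. The DROP policy, the LOG rule, the helper names and the sample addresses are assumptions; it runs as a dry run unless `IPTABLES` points at the real binary.

```shell
#!/bin/sh
# Added example. Dry run by default: commands are echoed, nothing is changed.
# To apply for real, run as root with IPTABLES=/sbin/iptables (path is an assumption).
IPTABLES="${IPTABLES:-echo iptables}"

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    (
        IFS=.
        set -- $1
        [ "$#" -eq 4 ] || exit 1
        for o in "$@"; do
            [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || exit 1
        done
    )
}

# Build an OUTPUT chain that accepts only the given local source addresses,
# logs anything else, and lets the DROP policy discard it.
build_output_chain() {
    # Validate everything first so a typo cannot leave a half-built chain.
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "invalid address: $ip" >&2; return 1; }
    done
    $IPTABLES -F OUTPUT
    for ip in "$@"; do
        $IPTABLES -A OUTPUT -p ALL -s "$ip" -j ACCEPT
    done
    # Anything reaching this rule has a source address we did not assign.
    $IPTABLES -A OUTPUT -m limit --limit 5/minute -j LOG \
        --log-prefix "OUTPUT unexpected src: "
    # Set the policy last so the accept rules are in place before it bites.
    $IPTABLES -P OUTPUT DROP
}

# Constructed sample values standing in for $LO_IP, $LAN_IP and $INET_IP.
build_output_chain 127.0.0.1 192.168.0.2 203.0.113.10
```

With `iptables -P OUTPUT ACCEPT` instead, the LOG rule could still be kept after the three ACCEPT rules to record unexpected source addresses without dropping them.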