Quote from ju0815nk@xxxxxxx:

> Hi,
>
> thanks for your help. Actually, I wanted to block all incoming traffic that
> is not related to connections originating from my machine. Should a default
> policy of dropping all packets plus allowing only related packages be
> sufficient?
>
> e.g.
>
> $IPTABLES -P INPUT DROP
> $IPTABLES -A INPUT -i $EXTIF -s $UNIVERSE -d $EXTIP -m state --state \
> ESTABLISHED,RELATED -j ACCEPT

I would lose the "-d $EXTIP" because you want ESTABLISHED and RELATED also on
your internal IFs. Traffic coming in on your external IF for your internal net,
or on your internal IF, should be checked in the FORWARD chain.

> Is there any way to test iptables-based firewalls without access to a second
> machine?
> I installed the rule you told me and commented out the one allowing
> connections to the firewall - but how can I test that it works for me
> (except testing if my email/mozilla works)?

There are many online scanners available on the net. For example
http://scan.sygatetech.com/. Choose one and see what's happening.

Regards
Andreas
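The ruleset Andreas describes, written out as an added example (this is not code from the thread): INPUT defaults to DROP and accepts ESTABLISHED/RELATED on every interface, with no "-d $EXTIP" match, while traffic crossing the box between the LAN and the outside is decided in FORWARD. The interface names eth0/eth1, the loopback rule and the INVALID drop are assumptions for illustration; by default the script only prints the iptables commands, so it can be read and checked on a machine where you are not root.

```shell
#!/bin/sh
# Added example, not from the original thread. Default-DROP INPUT with
# ESTABLISHED,RELATED accepted on any interface (no "-d $EXTIP"), and
# LAN<->Internet traffic handled in FORWARD.
# Set IPTABLES=/sbin/iptables to actually apply; the default just echoes.
IPTABLES="${IPTABLES:-echo iptables}"
EXTIF="${EXTIF:-eth0}"    # assumed external interface
INTIF="${INTIF:-eth1}"    # assumed internal (LAN) interface

# Rules for packets addressed to the firewall host itself.
input_rules() {
    $IPTABLES -P INPUT DROP
    # Loopback is needed by local services (assumption: you want it open).
    $IPTABLES -A INPUT -i lo -j ACCEPT
    # Replies to connections the host opened itself, on ANY interface.
    # This is why the "-d $EXTIP" from the quoted rule is left out.
    $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Packets that claim to belong to a connection conntrack never saw.
    $IPTABLES -A INPUT -m state --state INVALID -j DROP
}

# Rules for packets that cross the firewall between $INTIF and $EXTIF.
forward_rules() {
    $IPTABLES -P FORWARD DROP
    # LAN hosts may open new connections towards the outside ...
    $IPTABLES -A FORWARD -i "$INTIF" -o "$EXTIF" \
        -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    # ... and only the replies to those connections come back in.
    $IPTABLES -A FORWARD -i "$EXTIF" -o "$INTIF" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Self-check usable without a second machine: how many INPUT rules still
# carry a destination-address match (the reply says there should be none).
count_dest_matches() {
    input_rules | grep -c -- ' -d ' || true
}

apply_all() {
    input_rules
    forward_rules
}

apply_all
```

Run it as-is to review the generated commands, then with `IPTABLES=/sbin/iptables sh firewall.sh` as root to load them. Note that the FORWARD rules only matter once IP forwarding is enabled; with forwarding off, the INPUT chain is all that decides what reaches the host.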