On Tuesday, 14 June 2005 23:12, Gavin Henry wrote:

Sorry, but your script is horrible.... My advice is to split up the rules like this:

# default policy for the chain, then dispatch by ingress interface
iptables -P INPUT DROP
# user-defined chains must exist before a rule can jump to them
iptables -N from_lan
iptables -N from_inet
iptables -N from_vpn
iptables -A INPUT -i eth0 -s <lan-net> -j from_lan
iptables -A INPUT -i ppp0 -j from_inet
iptables -A INPUT -i ipsec0 -j from_vpn
# anything that falls through the per-interface chains is logged, then dropped by policy
iptables -A INPUT -j LOG
iptables -A from_lan -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A from_lan -p tcp --dport 80 -j ACCEPT

This is only a simple start. Hope you get the point. Same for the output and forwarding rules.

Michael.

> May I run the following past you to see if I have any stupid errors or if
> you have some good advice?
>
> Thanks again.

--
SysQuadrat Systems with security
Michael Weinert
Stuttgart Filderstadt-Plattenhardt
Tel.: 0711-9970288 Fax: 5360559 Mobile: 0170-4141273
http://www.linux-firewall.de weinert@xxxxxxx
KeyServer hkp://pgp.mit.edu
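Added example, not code from Michael's mail or from any project: a POSIX shell script that emits a complete ruleset in iptables-restore format laid out the way he suggests, one dispatch chain per ingress interface, a conntrack rule and an explicit allow list in each, a rate-limited LOG rule as the last INPUT entry before the DROP policy, and DROP policies on FORWARD and OUTPUT as well. It goes one step beyond the mail by adding a check that every chain a rule jumps to is actually declared, since a jump to an undeclared chain is exactly the error a flat script tends to hide. The interface names eth0, ppp0 and ipsec0 come from the mail; the subnet 192.168.1.0/24, the allowed services and the log prefix are constructed placeholders to be replaced for a real deployment.

```shell
#!/bin/sh
# Generate an iptables-restore ruleset with per-interface dispatch chains.
# Interface names follow the mail; subnet and services are constructed samples.

LAN_IF="${LAN_IF:-eth0}"
INET_IF="${INET_IF:-ppp0}"
VPN_IF="${VPN_IF:-ipsec0}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"   # constructed sample LAN subnet

# Print the ruleset on stdout. Every inbound packet is handed to a chain named
# after the interface it arrived on; each chain accepts only what is listed and
# returns otherwise, so unmatched traffic reaches the LOG rule and is then
# discarded by the INPUT DROP policy. Lines starting with '#' are ignored by
# iptables-restore.
gen_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:from_lan - [0:0]
:from_inet - [0:0]
:from_vpn - [0:0]
# dispatch by ingress interface
-A INPUT -i lo -j ACCEPT
-A INPUT -i $LAN_IF -s $LAN_NET -j from_lan
-A INPUT -i $INET_IF -j from_inet
-A INPUT -i $VPN_IF -j from_vpn
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT-DROP: "
# LAN: replies to our own traffic plus the web server (sample service list)
-A from_lan -m state --state ESTABLISHED,RELATED -j ACCEPT
-A from_lan -p tcp --dport 80 -j ACCEPT
# Internet: reply traffic only; nothing new is accepted from ppp0
-A from_inet -m state --state ESTABLISHED,RELATED -j ACCEPT
# VPN: reply traffic plus the same sample service as the LAN
-A from_vpn -m state --state ESTABLISHED,RELATED -j ACCEPT
-A from_vpn -p tcp --dport 80 -j ACCEPT
# OUTPUT: only connections this host opened itself and their replies
-A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Number of rules appended to the chain named in $1.
rules_in_chain() {
    gen_ruleset | grep -c "^-A $1 "
}

# Verify that every '-j' target is either a built-in target or a chain declared
# with a ':name' line; iptables-restore rejects the whole file otherwise.
# Prints each undefined chain and returns non-zero if any is found.
check_jump_targets() {
    gen_ruleset | awk '
        /^:/  { sub(/^:/, ""); defined[$1] = 1 }
        /^-A/ { for (i = 1; i <= NF; i++) if ($i == "-j") targets[$(i + 1)] = 1 }
        END {
            n = split("ACCEPT DROP REJECT LOG RETURN", b, " ")
            for (k = 1; k <= n; k++) builtin[b[k]] = 1
            missing = 0
            for (t in targets)
                if (!(t in defined) && !(t in builtin)) {
                    print "undefined chain: " t
                    missing++
                }
            exit (missing > 0)
        }'
}

# Only emit the ruleset when it passes the consistency check.
if check_jump_targets >&2; then
    gen_ruleset
fi
```

Run it as `sh gen-rules.sh > rules.v4` and load the result with `iptables-restore < rules.v4` (as root); because the file is applied atomically, a mistake in the ruleset is rejected as a whole rather than leaving the host half-configured as a long sequence of individual `iptables` calls can. The `rules_in_chain` helper is there for the same reason the layout exists: with one chain per interface it is trivial to confirm that, say, nothing new is ever accepted from the Internet-facing chain.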