Hello again. Does anybody know where I can find scripts with very restricted policies? If someone could suggest some it would be very appreciated; Google replies are mostly basic ones.

Regards
From: Gabriel <jarod125@xxxxxxxxx>
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: Re: dhcp windows client port
Date: Sat, 12 Nov 2005 13:25:09 -0800 (PST)

On Sat, 12 Nov 2005 18:08:23 +0200, P theodorou <props666999@xxxxxxxxxxx> wrote:

> Hello
>
> I wish the Windows machine which receives Internet from the firewall PC
> to be restricted fully apart from the port needed to access the Internet.
>
> The Windows machine has got full access when my rc.firewall contains
>
> $iptables -A FORWARD -i $LAN_IFACE -j ACCEPT
>
> which gives the Windows machine access to every port.
>
> I've tried unsuccessfully the following command
>
> $iptables -A FORWARD -p TCP -i $LAN_IFACE --sport XX -j ACCEPT
>
> My netstat on the Windows machine displays various connections.
> A few questions now:
>
> 1 which port should be allowed for the Windows machine to see the Internet
> 2 can I restrict it to something like:
> $iptables -A FORWARD -p TCP -i $LAN_IFACE --sport XX --dport XX -j ACCEPT
>
> in other words, allow the Windows-relevant port for accessing the
> Internet to be connected to the specific port of the firewall
>
> regards

You could adopt a strategy where you allow all connections started from the inside of your LAN (and, of course, all connections related to those), but none that is started from the internet. So, you could set the FORWARD policy to DROP, allow the IPs from inside the LAN to connect to the internet and then use a rule that allows all ESTABLISHED and RELATED connections.

-- 
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/
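The strategy Gabriel describes, written out as an rc.firewall fragment. This is an added example, not code from the thread: the interface names (LAN_IFACE, INET_IFACE), the LAN range (LAN_NET) and the DRY_RUN switch are assumptions chosen for illustration; the NAT/MASQUERADE rule the original rc.firewall must already contain is left untouched. With this in place no source or destination port list is needed, because the conntrack state match admits the replies to whatever the Windows client opens and nothing the Internet side starts.

```shell
#!/bin/sh
# Added example for the netfilter thread above (not Gabriel's or the list's code).
# Assumptions: eth1 faces the Windows client, eth0 faces the Internet,
# the LAN uses 192.168.1.0/24. Override via environment if yours differ.
LAN_IFACE="${LAN_IFACE:-eth1}"
INET_IFACE="${INET_IFACE:-eth0}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
IPTABLES="${IPTABLES:-iptables}"

# run_rule: print the command instead of running it when DRY_RUN=1, so the
# rule set can be reviewed without root and without touching the live tables.
run_rule() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s %s\n' "$IPTABLES" "$*"
    else
        "$IPTABLES" "$@"
    fi
}

# forward_rules: replaces the blanket "-A FORWARD -i $LAN_IFACE -j ACCEPT"
# with a default-deny FORWARD chain that only admits traffic the LAN started.
forward_rules() {
    # 1. Default policy DROP: anything not matched below is discarded.
    run_rule -P FORWARD DROP
    run_rule -F FORWARD

    # 2. Replies and related flows (e.g. ICMP errors, FTP data) for connections
    #    that already exist in the conntrack table, in either direction.
    run_rule -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # 3. New connections are accepted only when they enter on the LAN side,
    #    come from a LAN address and leave towards the Internet.
    run_rule -A FORWARD -i "$LAN_IFACE" -o "$INET_IFACE" -s "$LAN_NET" \
        -m state --state NEW -j ACCEPT

    # 4. Nothing from the Internet side is listed, so it falls through to the
    #    DROP policy; log a rate-limited sample of what is being dropped so
    #    unexpected blocks (or probes) are visible in syslog.
    run_rule -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FORWARD drop: "
}

# forward_rule_count: number of iptables invocations forward_rules emits in
# dry-run mode (handy for a quick self-check before loading on the firewall).
forward_rule_count() {
    DRY_RUN=1 forward_rules | grep -c "^$IPTABLES "
}

# Usage from rc.firewall: forward_rules
# Review first with:       DRY_RUN=1 sh rc.firewall
```

Two checks a practitioner would run after loading it: `iptables -L FORWARD -v -n` should show the ESTABLISHED,RELATED rule above the NEW rule (order matters, since the first match wins), and from the Windows client an outbound connection should work while an inbound probe from the Internet side should appear as a `FORWARD drop:` line in syslog. On current kernels `-m state --state` is an alias for `-m conntrack --ctstate`; either spelling gives the same behaviour.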