I have a very simple set of iptables rules:

    # iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # iptables -A INPUT -p tcp -i eth0 --dport ssh -j ACCEPT
    # iptables -I INPUT -i lo -j ACCEPT
    # iptables -A INPUT -j DROP

which has been saved to /etc/iptables.up.rules. I have also modified /etc/network/interfaces to use the ruleset:

    iface eth0 inet static
        address x.x.x.x
        [.. interface configuration ..]
        pre-up iptables-restore < /etc/iptables.up.rules

I understand that it is best to set up a set of rules to be applied when the network interface is down, saving it to:

    /etc/iptables.down.rules

and applying in /etc/network/interfaces via:

    post-down iptables-restore < /etc/iptables.down.rules

What should this set of rules look like? The exact opposite of /etc/iptables.up.rules? Or just a simple flush command? Or something else altogether?

Sincerely,
Miles