I want to build a firewall for a router on one machine that also acts as a Squid proxy server, caching DNS server and bandwidth limiter with HTB. I use a default policy of DROP for FORWARD, INPUT and OUTPUT.

-------- code ----------------
# Paths to the tools (assumed; the original message does not show these definitions)
IPT=/sbin/iptables
MPROBE=/sbin/modprobe

# Clean old firewall
$IPT -F
$IPT -X
$IPT -t nat -F
$IPT -t nat -X
$IPT -t mangle -F
$IPT -t mangle -X

# Connection tracking and FTP/IRC helper modules
$MPROBE ip_conntrack
$MPROBE ip_conntrack_ftp
$MPROBE ip_nat_ftp
$MPROBE ip_nat_irc

# Setting default filter policy
$IPT -P INPUT DROP
$IPT -P OUTPUT DROP
$IPT -P FORWARD DROP

# Unlimited access to loop back
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A OUTPUT -o lo -j ACCEPT

# Allow UDP, DNS and Passive FTP (replies to already-tracked connections)
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
------------ end of code --------------------------------------

My problem is: what filter rules must I write so that my client can connect to my router? At first I only defined PREROUTING, FORWARD and POSTROUTING, but my client can't ping the router. So, if I want a default policy of DROP for FORWARD, INPUT, OUTPUT, PREROUTING and POSTROUTING, what do I have to do? Must I define all of these to allow my client?

Thanks

-
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
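As an added example (not part of the original message, and not the poster's script), the following complete script shows one way to get from the setup above to a router the LAN client can actually reach: with INPUT defaulting to DROP, nothing the client sends to the router itself (ping, DNS, the Squid port) is accepted until INPUT explicitly allows it from the LAN interface. The nat table's PREROUTING and POSTROUTING chains only rewrite addresses (REDIRECT into Squid, MASQUERADE outbound); they are not where the filtering is decided, so they are left at their default ACCEPT policy here. The interface names, the LAN subnet and the Squid port are assumptions, set as environment defaults.

```shell
#!/bin/sh
# Added example: a default-DROP router/proxy firewall that still lets LAN clients in.
# LAN_IF, WAN_IF, LAN_NET and SQUID_PORT are assumed values, overridable via environment.
set -eu

LAN_IF="${LAN_IF:-eth1}"               # assumed: interface facing the clients
WAN_IF="${WAN_IF:-eth0}"               # assumed: interface facing the Internet
LAN_NET="${LAN_NET:-192.168.1.0/24}"   # constructed sample LAN subnet
SQUID_PORT="${SQUID_PORT:-3128}"       # assumed: Squid's listening port

# apply_rules CMD: run every rule through CMD, e.g. "/sbin/iptables" or "echo iptables".
apply_rules() {
    IPT="$1"

    # Flush old rules and set default DROP on the three filter chains
    $IPT -F; $IPT -X
    $IPT -t nat -F; $IPT -t nat -X
    $IPT -t mangle -F; $IPT -t mangle -X
    $IPT -P INPUT DROP
    $IPT -P OUTPUT DROP
    $IPT -P FORWARD DROP

    # Loopback is unrestricted
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT

    # Replies to tracked connections, in all three chains (FORWARD needs it too,
    # otherwise answers to forwarded client connections are dropped)
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Services the LAN may reach on the router itself: ping, DNS, Squid.
    # This is the part that makes "client can't ping the router" go away.
    $IPT -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p icmp --icmp-type echo-request -j ACCEPT
    $IPT -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p udp --dport 53 -j ACCEPT
    $IPT -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 53 -j ACCEPT
    $IPT -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport "$SQUID_PORT" -j ACCEPT

    # What the router itself may start outbound: resolver lookups and Squid fetches
    $IPT -A OUTPUT -o "$WAN_IF" -p udp --dport 53 -j ACCEPT
    $IPT -A OUTPUT -o "$WAN_IF" -p tcp --dport 53 -j ACCEPT
    $IPT -A OUTPUT -o "$WAN_IF" -p tcp -m multiport --dports 80,443 -j ACCEPT

    # Transparent proxy: LAN web traffic is redirected into Squid (nat, not filter)
    $IPT -t nat -A PREROUTING -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 80 \
        -j REDIRECT --to-ports "$SQUID_PORT"

    # Forward only new connections originating from the LAN, masqueraded out the WAN
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -m state --state NEW -j ACCEPT
    $IPT -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE
}

if [ "${1:-}" = "--apply" ]; then
    apply_rules "${IPT:-/sbin/iptables}"   # real run, needs root
else
    apply_rules "echo iptables"            # dry run: print the commands only
fi
```

Run without arguments the script prints the iptables commands it would issue, which is a cheap way to review a ruleset before loading it; `--apply` executes them. Compared with the script in the message, the substantive changes are the three LAN-facing INPUT accepts (ping, DNS, Squid port) and the ESTABLISHED,RELATED rule in FORWARD; a DROP policy on the nat chains is not part of this design, because all filtering decisions are taken in INPUT, OUTPUT and FORWARD.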