Re: correct netfilter rule

2009/10/28 Ralph Blach <rcblach@xxxxxxxxx>:
> Ok,
>
[snip]
> Since I get attacked, I want to drop and log from any attacking network.
>
> This happens on a daily basis, so I am constantly updating the list.
>
> What is the best set of rules to accomplish this?

If you only wish to allow traffic from your internal network and the
external nameservers then it's simple.

Set your iptables policies, as said earlier, to DROP.

Then create explicit rules to accept the traffic you want in each
chain as needed.
If you want to log any DROP traffic then just make the LAST rule in
each chain a logging rule...

If you use DROP as a policy and only allow specific traffic you will
not have to keep updating your rule set to block additional networks.


-- 
Richard Horton
Users are like a virus: Each causing a thousand tiny crises until the
host finally dies.
http://www.solstans.co.uk - Solstans Japanese Bobtails and Norwegian Forest Cats
http://www.pbase.com/arimus - My online photogallery
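As an added example (not part of Richard's reply), a shell function that writes the ruleset he describes in iptables-restore format: DROP policies on every chain, explicit ACCEPT rules for an internal network and the external nameservers, and a rate-limited LOG rule as the last rule of each chain. The network 192.168.1.0/24 and the nameservers 192.0.2.53/192.0.2.54 are constructed placeholders; conntrack is assumed, so DNS replies come back through the ESTABLISHED rule without extra INPUT rules.

```shell
#!/bin/sh
# Constructed example, not from the original thread. Emits an iptables-restore
# ruleset: DROP policies, explicit ACCEPTs, and a LOG rule last in each chain.
# Anything not explicitly accepted is logged and then hits the DROP policy,
# so a new attacking network never needs a new rule.
#
# Usage: build_ruleset <internal-cidr> <nameserver-ip> [<nameserver-ip>...]
build_ruleset() {
    internal="$1"; shift
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# loopback, and replies to connections this host already opened
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# the internal network is trusted in both directions
-A INPUT -s $internal -j ACCEPT
-A OUTPUT -d $internal -j ACCEPT
EOF
    # one pair of rules per external nameserver: DNS over UDP and TCP
    for ns in "$@"; do
        cat <<EOF
-A OUTPUT -p udp -d $ns --dport 53 -j ACCEPT
-A OUTPUT -p tcp -d $ns --dport 53 -j ACCEPT
EOF
    done
    cat <<EOF
# LOG is non-terminating: the packet continues to the chain policy (DROP).
# The limit match keeps a scan or flood from filling the log.
-A INPUT -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "IPT-DROP-IN: " --log-level 4
-A FORWARD -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "IPT-DROP-FWD: " --log-level 4
-A OUTPUT -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "IPT-DROP-OUT: " --log-level 4
COMMIT
EOF
}

# Print the ruleset when run directly with arguments, e.g.
#   sh rules.sh 192.168.1.0/24 192.0.2.53 192.0.2.54 | iptables-restore
if [ "$#" -ge 2 ]; then
    build_ruleset "$@"
fi
```

Review the printed ruleset before piping it into iptables-restore, which replaces the whole filter table atomically; the OUTPUT policy of DROP means anything else this host must reach (package mirrors, NTP, mail) needs its own ACCEPT line.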