On 6 February 2010 12:50, supercodeing35271 supercodeing35271 <supercodeing35271@xxxxxxxxx> wrote:
> Hi, I'm a rookie. As I'm learning netfilter/iptables for the first time, I
> wanna look at some good existing iptables rules scripts, as I think
> reading good rules scripts will be useful.
> So can anyone here share some rules or tell me where to see any good
> rules scripts? I must underline that I just need some references; I do
> not have any other reason for this.
> Thanks, everyone.

What kind of rule sets are you looking for? Rules to protect a public-facing server are going to be different (to varying degrees depending on services etc.) to those for a home PC, to those for a router/gateway.

One of the best ways to learn would be to change the policies to block, then work out how to allow the traffic you want to flow around while not opening up what you don't want...

For instance...

    iptables -P FORWARD DROP
    iptables -P INPUT DROP
    iptables -P OUTPUT DROP
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A OUTPUT -o lo -j ACCEPT

Lines 1 to 3 change the policy to DROP (you can only use DROP or ACCEPT as policies) and lines 4 and 5 enable the loopback interface.

(Drop == silently discard packets without notifying the originator, Accept == allow packet through firewall, Reject == returns an ICMP message to the originator; you can vary the return message.)

--
Richard Horton
Users are like a virus: Each causing a thousand tiny crises until the host finally dies.
http://www.solstans.co.uk - Solstans Japanese Bobtails and Norwegian Forest Cats
http://www.pbase.com/arimus - My online photogallery
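
The default-deny start described in the message above, carried one step further as an added example that is not part of the original message: the script only prints an iptables-restore ruleset for review and applies nothing. The allowed inbound TCP ports, the conntrack rules, the closing tcp-reset REJECT and the script name fw.sh are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original message): print an iptables-restore
# ruleset for a default-deny host. Nothing is applied to the running firewall.

# valid_port PORT: succeeds only for a plain decimal integer in 1..65535.
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*|??????*) return 1 ;;   # empty, leading 0, non-digit, too long
    esac
    [ "$1" -le 65535 ]
}

# gen_ruleset PORT...: prints the ruleset; fails before printing on a bad port.
# The port list is an assumption for illustration (e.g. 22 for SSH).
gen_ruleset() {
    for p in "$@"; do
        valid_port "$p" || { echo "bad port: $p" >&2; return 1; }
    done
    # Same policies and loopback rules as the message, then stateful rules so
    # replies to allowed traffic are not caught by the DROP policies.
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
EOF
    for p in "$@"; do
        printf '%s\n' "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    # REJECT is a target, not a policy, so it has to be an explicit last rule.
    # Other TCP gets a reset; everything else falls through to the DROP policy.
    printf '%s\n' "-A INPUT -p tcp -j REJECT --reject-with tcp-reset" "COMMIT"
}

# Stand-alone use: sh fw.sh 22 443 | iptables-restore --test
if [ "$#" -gt 0 ]; then gen_ruleset "$@"; fi
```

Piping the output through `iptables-restore --test` parses the ruleset without committing it, which is a safe check before loading it on a machine you reach over the network.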