On Sat, 2011-04-30 at 13:23 -0500, Mike Hendrie wrote:
> Thank you, it worked!

Okay, so you didn't top post, but please leave a bit of the message so that it makes sense to anyone joining the conversation <sigh>

> Now to lock it down? I should just create rules to block ports?

Well, it depends how paranoid you are. You might just want to block new incoming connections to the local network:

# Drop everything routed through the box unless a rule below allows it
iptables -P FORWARD DROP
# Replies to connections the LAN opened may come back in
iptables -A FORWARD -i $ext_IF -o $int_IF \
    -m state --state ESTABLISHED,RELATED -j ACCEPT
# The LAN may open anything outbound
iptables -A FORWARD -i $int_IF -o $ext_IF -j ACCEPT

You'd probably also want to drop all incoming connections to the server apart from your web server:

# Replies to connections the server itself opened (DNS, updates, ...)
# must be accepted before the catch-all DROP, or they get dropped too
iptables -A INPUT -i $ext_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
# Only the web server is reachable from outside
iptables -A INPUT -p tcp --dport 80 -i $ext_IF -j ACCEPT
iptables -A INPUT -i $ext_IF -j DROP

As Rob says though, you're probably best going through a few basic tutorials first - you'll be up to speed in no time. Also check out iptables-save and iptables-restore.

Let's hope I haven't made any more mistakes that Rob is going to spot :)

Andy
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
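The rules in Andy's reply, written out as one complete ruleset in the iptables-restore format he points at, as an added example that is not part of the thread. The helper name build_ruleset, the interface names eth0/eth1 used in the usage line, and the choice of a DROP policy on INPUT with an explicit ACCEPT for the internal interface are assumptions of this example; the conntrack match is the current spelling of the -m state match used in the thread.

```bash
#!/bin/sh
# Hypothetical helper (not from the thread): print an iptables-restore
# ruleset for a box that routes a LAN out through one interface and runs
# a web server on port 80. Apply with:
#   build_ruleset eth0 eth1 | iptables-restore
# Check the syntax without touching the running firewall with:
#   build_ruleset eth0 eth1 | iptables-restore --test

build_ruleset() {
    ext_if="$1"   # interface facing the Internet (assumed eth0 below)
    int_if="$2"   # interface facing the LAN (assumed eth1 below)
    if [ -z "$ext_if" ] || [ -z "$int_if" ]; then
        echo "usage: build_ruleset EXT_IF INT_IF" >&2
        return 1
    fi
    # Lines starting with '#' are ignored by iptables-restore.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback, and replies to connections the box itself opened (DNS, updates).
# Without the ESTABLISHED,RELATED rule those replies hit the DROP policy.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# Hosts on the LAN may reach the router itself (assumption: LAN is trusted)
-A INPUT -i $int_if -j ACCEPT
# From outside, only new connections to the web server are accepted
-A INPUT -i $ext_if -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
# Routed traffic: LAN may go out, replies may come back, nothing else
-A FORWARD -i $ext_if -o $int_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $int_if -o $ext_if -j ACCEPT
COMMIT
EOF
}
```

The point of generating the whole table at once is that iptables-restore replaces it atomically, so there is no window where the policy is DROP but the ACCEPT rules have not been appended yet, which an interactive sequence of iptables -A commands run over SSH does have. Keep the output in a file that iptables-restore loads at boot, and use iptables-save to confirm what is actually loaded.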