** Reply to message from Ralf Spenneberg <lists@xxxxxxxxxxxxxx> on Mon, 07 Apr 2003 10:40:58 +0200

> On Thu, 2003-04-03 at 17:03, Kevin Waterson wrote:
> Hi,
> >
> >
> > I wish to have a simple firewall to forward http traffic to internal network
> > This is what I have but it does not forward, any help much appreciated
> > ...
> > # External Interface
> > EXT_IF=`route -n | awk '$1~/0.0.0.0/ {print $8}'`
> ...
> > # IP of the web machine
> > WWW_IP="192.168.0.3"
> ...
> > # Default policies
> > $IPTABLES -P INPUT ACCEPT
> > $IPTABLES -P OUTPUT ACCEPT
> > $IPTABLES -P FORWARD DROP

My two cents: having a default accept policy for the INPUT chain is not recommended for a frontline firewall box. Only recommended if it is a 2nd tier firewall behind another one. Too easy to screw up the rules and leave yourself wide open.

jb
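
The point about the INPUT policy can be checked mechanically. The script below is an added example, not code from this thread: it reads a ruleset in script, "iptables -S" or iptables-save form and reports the final default policy per chain. The function names and the HARDENED_RULES sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report the final default policy of each chain in a ruleset.
# Function names and the HARDENED_RULES sample are assumptions, not from the post.

# Reads rules on stdin; prints "CHAIN POLICY" lines, sorted by chain name.
final_policies() {
    awk '
        # iptables-save form, e.g. ":INPUT ACCEPT [0:0]"
        /^:[A-Z]+ (ACCEPT|DROP)/ { sub(/^:/, "", $1); pol[$1] = $2; next }
        # script or "iptables -S" form, e.g. "$IPTABLES -P INPUT ACCEPT"
        {
            sub("#.*", "")                      # ignore trailing comments
            for (i = 1; i <= NF - 2; i++)
                if ($i == "-P" || $i == "--policy")
                    pol[$(i + 1)] = $(i + 2)    # a later -P overrides an earlier one
        }
        END { for (c in pol) print c, pol[c] }
    ' | sort
}

# Succeeds only when the final INPUT policy is DROP.
input_is_default_deny() {
    [ "$(final_policies | awk '$1 == "INPUT" { print $2 }')" = "DROP" ]
}

# The three policy lines quoted in the message above (single quotes keep $IPTABLES literal).
QUOTED_RULES='$IPTABLES -P INPUT ACCEPT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -P FORWARD DROP'

# Constructed sample: default-deny INPUT with explicit allows appended afterwards.
HARDENED_RULES='$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -P FORWARD DROP
$IPTABLES -A INPUT -i lo -j ACCEPT
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'

for name in QUOTED_RULES HARDENED_RULES; do
    eval "rules=\$$name"
    if printf '%s\n' "$rules" | input_is_default_deny; then
        echo "$name: INPUT is default-deny"
    else
        echo "$name: INPUT defaults to ACCEPT; a missing or wrong rule leaves the box open"
    fi
done
```

On a live host the same functions can be fed from `iptables -S` or `iptables-save`, which requires root.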