LeRoy Cressy on Wed, 27 Mar 2002 15:39:46 -0500



Re: [PLUG] firewall


Michael Whitman wrote:
> 
> If it is Linux and a fairly recent distro, you may already have IPTABLES
> installed.
> Stuff which will be helpful can be found at
> http://netfilter.samba.org/documentation/index.html#whatis
> 
> At 02:40 PM 3/27/2002 -0500, you wrote:
> >I want firewalling protection on just one machine

For a really quick filter use:

http://netfilter.samba.org/documentation/HOWTO//packet-filtering-HOWTO-5.html

Most people just have a single PPP connection to the Internet, and don't
want anyone coming back into their
network, or the firewall:

    ## Insert connection-tracking modules (not needed if built into kernel).
    # insmod ip_conntrack
    # insmod ip_conntrack_ftp

    ## Create chain which blocks new connections, except if coming from inside.
    # iptables -N block
    # iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
    # iptables -A block -m state --state NEW -i ! ppp0 -j ACCEPT
    # iptables -A block -j DROP

    ## Jump to that chain from INPUT and FORWARD chains.
    # iptables -A INPUT -j block
    # iptables -A FORWARD -j block

-- 
Rev. LeRoy D. Cressy   mailto:lcressy@telocity.com   /\_/\
                       http://www.netaxs.com/~ldc   ( o.o )
                       Phone:  215-535-4037          > ^ <

Jesus saith unto him, I am the way, the truth, and the life: 
no man cometh unto the Father, but by me. (John 14:6)
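The same "block" chain as a small script, added here as an example and not part of the post or the netfilter HOWTO. It assumes the Internet-facing interface is passed as the first argument (ppp0 by default, as in the post) and only prints the rules unless APPLY=1 is set, so they can be reviewed before loading; it also uses the negation and conntrack-match syntax that current iptables releases expect.

```shell
#!/bin/sh
# Added example (not the post's or the HOWTO's code): the post's "block"
# chain as a script in current iptables syntax. Assumes the Internet-facing
# interface is $1 (default ppp0) and only prints rules unless APPLY=1 is set.
set -eu

IFACE="${1:-ppp0}"

# Emit the rules one per line. Current iptables wants "! -i ppp0" rather
# than the post's "-i ! ppp0", and "-m conntrack --ctstate" replaces the
# older "-m state --state" (same state names).
block_rules() {
    iface="$1"
    cat <<EOF
iptables -N block
iptables -A block -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A block -m conntrack --ctstate NEW ! -i $iface -j ACCEPT
iptables -A block -j DROP
iptables -A INPUT -j block
iptables -A FORWARD -j block
EOF
}

# Number of rules that would be loaded (sanity check before applying).
rule_count() { block_rules "$1" | wc -l | tr -d ' '; }

# Load the rules. Connection tracking is nf_conntrack on current kernels;
# the FTP helper only matters if active-mode FTP from inside must work.
# -N fails if "block" already exists, so flush and delete it before re-running.
apply_rules() {
    iface="$1"
    modprobe nf_conntrack || true
    modprobe nf_conntrack_ftp || true
    block_rules "$iface" | while IFS= read -r cmd; do
        sh -c "$cmd"
    done
    # Show the chain with packet counters so rule order can be verified.
    iptables -L block -v -n
}

if [ "${APPLY:-0}" = 1 ]; then
    apply_rules "$IFACE"
else
    block_rules "$IFACE"
fi
```

Run it once without APPLY to read the six rules it would load, then `APPLY=1 ./block.sh ppp0` as root; the final `iptables -L block -v -n` shows the ACCEPT rules above the DROP, which is the order that keeps established sessions working.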

______________________________________________________________________
Philadelphia Linux Users Group       -      http://www.phillylinux.org
Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion  -  http://lists.phillylinux.org/mail/listinfo/plug