Request for help: Debian firewall, and maybe some kernel upgrade tips

Jared jared at hatwhite.com
Wed Apr 13 13:45:04 CDT 2005


> | Also. Is there any sort of firewall that is real
> | easy to configure, something like this:
> |
> | [SuperEasyFirewall]
> | Open=22,80,23
> | Blocked=22.23.34.43:[22,80]
> | Closed=EverythingElse
> |
> | I don't understand why a firewall config has to be
> | four miles long and so dern complicated!
> |
> | -Jared
> 
> # clear the tables
> iptables -F
> # set the default for the INPUT chain to DROP
> iptables -I INPUT -j DROP -i eth0
> # allow established and related connections
> iptables -I INPUT -j ACCEPT -i eth0 -m state --state ESTABLISHED,RELATED
> # Allow ports 22,23,80
> iptables -I INPUT -j ACCEPT -i eth0 -p tcp --dport 22
> iptables -I INPUT -j ACCEPT -i eth0 -p tcp --dport 23
> iptables -I INPUT -j ACCEPT -i eth0 -p tcp --dport 80
> # Allow localhost connections
> iptables -I INPUT -j ACCEPT -i lo
> # Block this IP on port 22 and 80
> iptables -I INPUT -j DROP -i eth0 -p tcp --dport 22 -s 22.23.34.43
> iptables -I INPUT -j DROP -i eth0 -p tcp --dport 80 -s 22.23.34.43
> 
> 
> Chris

Chris,

Thank you! I now understand what iptables are doing.
This helps a lot.

-Jared
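Added example (not part of either message): a small POSIX shell translator from the `[SuperEasyFirewall]` format asked about above into iptables commands, which it only prints and never runs. It appends with `-A` instead of the reply's `-I` (insert at top), so the rules are listed in the order iptables evaluates them; the function names, the `IFACE` variable and the input checks are assumptions of this example.

```shell
#!/bin/sh
# Added example: print (never run) iptables commands for a SuperEasyFirewall file.
IFACE="${IFACE:-eth0}"   # assumption: external interface, eth0 as in the reply
NL='
'
# rules_for PORTLIST TARGET [SOURCE]: one appended rule per port, fail on bad input
rules_for() {
    case "$1" in ''|*[!0-9,]*) echo "bad port list: $1" >&2; return 1 ;; esac
    for p in $(printf '%s' "$1" | tr ',' ' '); do
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "bad port: $p" >&2; return 1; }
        echo "iptables -A INPUT -i $IFACE -p tcp${3:+ -s $3} --dport $p -j $2"
    done
}

# Reads the config on stdin, writes the rule set on stdout.
easyfw_to_iptables() {
    accepts="" drops=""
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | tr -d ' \t\r')
        case "$line" in
            ''|'#'*|'['*']'|Closed=EverythingElse) ;;   # nothing to emit
            Open=*)
                r=$(rules_for "${line#Open=}" ACCEPT) || return 1
                accepts="$accepts$r$NL" ;;
            Blocked=*:'['*']')
                src=${line#Blocked=}; src=${src%%:*}
                case "$src" in ''|*[!0-9.]*) echo "bad address: $src" >&2; return 1 ;; esac
                ports=${line#*:'['}; ports=${ports%']'}
                r=$(rules_for "$ports" DROP "$src") || return 1
                drops="$drops$r$NL" ;;
            *) echo "unrecognised line: $line" >&2; return 1 ;;
        esac
    done
    # First match wins: per-address DROPs go first, the catch-all DROP goes last.
    echo "iptables -F INPUT"
    printf '%s' "$drops"
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -i $IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT"
    printf '%s' "$accepts"
    echo "iptables -A INPUT -i $IFACE -j DROP"
}

# The config from the question, piped through the translator.
easyfw_to_iptables <<'EOF'
[SuperEasyFirewall]
Open=22,80,23
Blocked=22.23.34.43:[22,80]
Closed=EverythingElse
EOF
```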


More information about the Kclug mailing list