Linux Today: Linux News On Internet Time.

Linux.com: More fun with Netfilter

Feb 14, 2001, 08:30
(Other stories by Mike Baker)

"So, you've just got your fast Cable or DSL connection and now you need a firewall to protect you? No problem."

"Your basic firewall will tend to look something like this:

        #accept now, deny and log later
        iptables -P INPUT ACCEPT

        #accept traffic from the lan
        #(the source network argument did not survive on this page; <lan-network> is a placeholder)
        iptables -A INPUT -s <lan-network> -j ACCEPT

        #take advantage of connection tracking
        iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

        #accept connections for ssh and http
        iptables -A INPUT -p tcp -m multiport --destination-port 22,80 -j ACCEPT

        # log and deny
        #(the --log-prefix string did not survive on this page; "<prefix>" is a placeholder)
        iptables -A INPUT -m limit --limit 5/minute -j LOG --log-level 5 --log-prefix "<prefix>"
        iptables -A INPUT -j REJECT

"Kinda boring, huh? About the only thing that's new in that script is the connection tracking for established packets."
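The same INPUT chain as an added example (this is not code from Mike Baker's article or from the Linux Today page), written as a POSIX shell script that prints the iptables commands so the ruleset can be reviewed before it is loaded. The LAN network, the log prefix and the `--apply` switch are assumptions. It departs from the quoted script in two places a defender would want: the default policy is DROP rather than ACCEPT, so a flushed or half-loaded chain fails closed instead of open, and loopback is accepted explicitly, which a DROP policy makes necessary.

```shell
#!/bin/sh
# Added example, not from the Linux.com article: builds the INPUT chain from
# the quoted script with the values the page lost (LAN network, log prefix)
# passed in as parameters. With no arguments it prints the commands; with
# --apply it executes them (needs root and iptables on the box).

LAN_NET="${LAN_NET:-192.168.1.0/24}"      # assumed LAN range; adjust to your network
LOG_PREFIX="${LOG_PREFIX:-INPUT-DROP: }"  # assumed prefix for the kernel log lines

# Print the iptables commands for the INPUT chain, one per line.
# Order matters: trusted and already-tracked traffic is accepted first,
# then the published services, then everything else is logged and refused.
build_rules() {
    lan="$1"
    prefix="$2"
    cat <<EOF
iptables -F INPUT
iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -s $lan -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp -m multiport --destination-port 22,80 -j ACCEPT
iptables -A INPUT -m limit --limit 5/minute -j LOG --log-level 5 --log-prefix "$prefix"
iptables -A INPUT -j REJECT
EOF
}

# Count the rules that will be appended (-A) to INPUT, for a quick sanity check.
count_append_rules() {
    build_rules "$1" "$2" | grep -c '^iptables -A INPUT'
}

case "${1:-}" in
    --apply) build_rules "$LAN_NET" "$LOG_PREFIX" | sh ;;
    *)       build_rules "$LAN_NET" "$LOG_PREFIX" ;;
esac
```

The `-m limit --limit 5/minute` on the LOG rule keeps a scan or flood from filling the kernel log; because LOG is a non-terminating target, a packet that matches it still falls through to the REJECT that follows. The `-P INPUT DROP` line is the reason the loopback rule appears: with the quoted script's ACCEPT policy, `lo` traffic was silently allowed by the trailing REJECT never seeing it after a flush, but with DROP it must be listed. On current kernels `-m conntrack --ctstate` is the preferred spelling of the `-m state` match, which still works as an alias.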
