Linux.com: More fun with Netfilter
Feb 14, 2001, 08:30
(Other stories by Mike Baker)
"So, you've just got your fast Cable or DSL connection and now you need a firewall to protect you? No problem."
"Your basic firewall will tend to look something like this:
#accept now, deny and log later
iptables -P INPUT ACCEPT
#accept traffic from the lan
iptables -A INPUT -s 192.168.1.0/24 -j ACCEPT
#take advantage of connection tracking
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#accept connections for ssh and http
iptables -A INPUT -p tcp -m multiport --destination-port 22,80 -j ACCEPT
# log and deny
iptables -A INPUT -m limit --limit 5/minute -j LOG --log-level 5 --log-prefix "BLOCKED"
iptables -A INPUT -j REJECT
"Kinda boring huh? About the only thing that's new in that script is the connection tracking for established packets."
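To make the rule order and the role of connection tracking concrete, here is an added Python model of that INPUT chain. It is not code from the article or from the Netfilter project: it walks a packet through the five rules in the order above, keeps a simplified conntrack table (a flow the host originated, or a NEW flow accepted by the ssh/http rule, makes packets in either direction ESTABLISHED; RELATED helpers such as FTP data are not modelled), and approximates `-m limit --limit 5/minute` with a sliding one-minute window rather than the kernel's token bucket. The host address 203.0.113.10 and the remote addresses are constructed sample values.

```python
"""Added illustration of the article's INPUT chain with a toy conntrack table.
Not the article's own code; addresses and packets below are constructed."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")      # the -s 192.168.1.0/24 rule
SERVICES = {22, 80}                      # the multiport --destination-port 22,80 rule
LOG_LIMIT_PER_MINUTE = 5                 # the -m limit --limit 5/minute rule


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    sport: int
    dport: int


@dataclass
class Firewall:
    conntrack: set = field(default_factory=set)   # tracked 5-tuples
    log: list = field(default_factory=list)       # emitted LOG lines
    log_times: list = field(default_factory=list) # timestamps of LOG lines

    @staticmethod
    def _flow(p):
        return (p.proto, p.src, p.sport, p.dst, p.dport)

    @staticmethod
    def _reverse(p):
        return (p.proto, p.dst, p.dport, p.src, p.sport)

    def send(self, p):
        """Host-originated packet: conntrack records the flow so replies match."""
        self.conntrack.add(self._flow(p))

    def state(self, p):
        """Simplified conntrack state: known in either direction -> ESTABLISHED."""
        if self._flow(p) in self.conntrack or self._reverse(p) in self.conntrack:
            return "ESTABLISHED"
        return "NEW"

    def _log_allowed(self, now):
        """Sliding-window approximation of --limit 5/minute (assumption)."""
        self.log_times = [t for t in self.log_times if now - t < 60]
        if len(self.log_times) < LOG_LIMIT_PER_MINUTE:
            self.log_times.append(now)
            return True
        return False

    def input_chain(self, p, now=0.0):
        """Evaluate the rules top to bottom; first terminating match wins."""
        # iptables -A INPUT -s 192.168.1.0/24 -j ACCEPT
        if ip_address(p.src) in LAN:
            return "ACCEPT"
        # iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
        if self.state(p) == "ESTABLISHED":
            return "ACCEPT"
        # iptables -A INPUT -p tcp -m multiport --destination-port 22,80 -j ACCEPT
        if p.proto == "tcp" and p.dport in SERVICES:
            self.conntrack.add(self._flow(p))   # the NEW flow is now tracked
            return "ACCEPT"
        # iptables -A INPUT -m limit --limit 5/minute -j LOG ... (non-terminating)
        if self._log_allowed(now):
            self.log.append(f"BLOCKED {p.proto} {p.src}:{p.sport} -> {p.dst}:{p.dport}")
        # iptables -A INPUT -j REJECT
        return "REJECT"


def demo():
    """Constructed traffic against the chain; returns the verdicts."""
    fw = Firewall()
    host = "203.0.113.10"
    results = {}
    # A DNS query the host sent; the reply is only admitted because conntrack saw it.
    fw.send(Packet(host, "198.51.100.53", "udp", 40000, 53))
    results["dns_reply"] = fw.input_chain(Packet("198.51.100.53", host, "udp", 53, 40000))
    # Same port pair but from an unknown peer: NEW, no service rule, rejected.
    results["unsolicited_udp"] = fw.input_chain(Packet("198.51.100.77", host, "udp", 53, 40000))
    # Anything from the LAN is accepted by the first rule.
    results["lan"] = fw.input_chain(Packet("192.168.1.5", host, "tcp", 5555, 25))
    # Internet to ssh: accepted and tracked.
    results["ssh"] = fw.input_chain(Packet("198.51.100.8", host, "tcp", 50000, 22))
    # Internet to smtp: rejected and logged (first LOG line).
    results["smtp"] = fw.input_chain(Packet("198.51.100.8", host, "tcp", 50001, 25))
    # Twenty telnet probes in one second: all rejected, but only 5 LOG lines total.
    for i in range(20):
        fw.input_chain(Packet("198.51.100.9", host, "tcp", 6000 + i, 23), now=1.0)
    results["log_lines"] = len(fw.log)
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The point the model makes visible is that the ESTABLISHED rule sits above the service rule: the DNS reply is accepted without any rule naming UDP 53, while the identical-looking unsolicited datagram falls all the way to REJECT. The burst at the end shows why the LOG rule is rate-limited: the rejects still happen, but the log does not grow past five lines per minute.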