--- "Robert L. Harris" <[EMAIL PROTECTED]> wrote:
> I've got my handy-dandy firewall up and running with iptables. However
> I'm always looking for a better way to lock it down. Can anyone send me
> a "here's mine" or close for something that does this:
>
> Allows all outbound new connections from inside on my 192.168.0.0/24 (or the
> IP of ETH0 on my firewall?)
> Allows all connections to my firewall from 192.168.0.0/24
> Drops all packets inbound from the internet except:
>   http
>   ssh
>   ftp
>
> Logs all dropped attempts/scans to a different syslog title so I can
> save it off to a different file?
>
{{SNIP}}

Have a look at shorewall, it may or may not do all you require, but it's got a lot of that I know:

http://www.shorewall.net/

=====
[EMAIL PROTECTED]
http://www.charleshbaker.com/~chb/
Hacking is a "Good Thing!" See http://www.tuxedo.org/~esr/faqs/hacker-howto.html
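The policy asked for in the quoted message, written out as an iptables-restore ruleset; this is an added example, not part of the original thread and not Shorewall output. It assumes eth1 is the Internet-facing interface, that http/ssh/ftp run on the firewall host itself, and that LAN clients are masqueraded; the `LOGDROP` chain name and `FW-DROP: ` prefix are made up for illustration.

```shell
#!/bin/sh
# Added example: emit_ruleset prints a ruleset in iptables-restore format.
# Arguments: LAN interface, Internet-facing interface, LAN network (CIDR).
emit_ruleset() {
    lan_if=$1; wan_if=$2; lan_net=$3
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Assumption: private LAN addresses are masqueraded on the way out.
-A POSTROUTING -s $lan_net -o $wan_if -j MASQUERADE
COMMIT
*filter
# Default-deny for traffic to and through the firewall.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:LOGDROP - [0:0]
-A INPUT -i lo -j ACCEPT
# Replies to connections that were already allowed. FTP data channels
# match RELATED only when the FTP conntrack helper (nf_conntrack_ftp) is in use.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# All connections to the firewall from the LAN; tying the source network
# to the LAN interface rejects spoofed LAN addresses arriving from outside.
-A INPUT -i $lan_if -s $lan_net -j ACCEPT
# All new outbound connections from the LAN.
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -m conntrack --ctstate NEW -j ACCEPT
# From the Internet: only ftp (21), ssh (22) and http (80).
-A INPUT -i $wan_if -p tcp -m multiport --dports 21,22,80 -m conntrack --ctstate NEW -j ACCEPT
# Everything else is logged under its own prefix, rate-limited, then dropped.
-A INPUT -j LOGDROP
-A FORWARD -j LOGDROP
-A LOGDROP -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "FW-DROP: " --log-level 4
-A LOGDROP -j DROP
COMMIT
EOF
}

# Values from the question (eth0, 192.168.0.0/24); eth1 is an assumption.
emit_ruleset eth0 eth1 192.168.0.0/24
```

The output is meant to be reviewed and then loaded with `iptables-restore`. The LOG target writes to the kernel log, so the syslog daemon can route these lines to a separate file by matching the prefix or the chosen priority.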