Incoming from [EMAIL PROTECTED]:
>
> This is my rule set:
>
> 1  iptables -P INPUT DROP
> 2  iptables -A INPUT -p icmp -j ACCEPT
> 3  iptables -A INPUT -i lo -j ACCEPT
> 4  iptables -A INPUT -i ppp0 -p tcp --dport 22 -j ACCEPT
> 5  iptables -A INPUT -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT
> 6  iptables -A INPUT -i ppp0 -p tcp -j REJECT --reject-with tcp-reset
> 7  iptables -A INPUT -i ppp0 -p udp -j REJECT
> 8  iptables -A INPUT -i ppp0 -j REJECT --reject-with icmp-proto-unreachable
>
> 9  iptables -P FORWARD DROP
> 10 iptables -P OUTPUT ACCEPT
>
> *********************************************************
>
> 1.) Line number five does not work; iptables complains when I issue that
> rule.

I use exactly the same rule here:

iptables -A INPUT -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT

> 2.) The functionality I want from my firewall rule set is:
>
> Deny all incoming traffic except port 22 (ssh), and allow pings.
>
> Allow all outgoing traffic, and it should be able to come back in if it
> originated from my box.
>
> The above rule set did work when I had an ethernet connection on a
> different network, but when I changed to dialup, I have problems getting
> these to work.

My situation is close, the exception being incoming ssh. I do, however,
allow incoming identd (handled by fauxident):

iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -I INPUT -i ppp0 -m tcp -p tcp --dport 113 -j ACCEPT
iptables -A INPUT -s ! 127.0.0.1/32 -m state --state NEW -j LOG
iptables -A INPUT -s ! 127.0.0.1/32 -m state --state NEW -j DROP
iptables -A INPUT -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT

-- 
Any technology distinguishable from magic is insufficiently advanced.
(*) http://www.spots.ab.ca/~keeling
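The rule set the original poster describes (inbound ssh and ping only, all outbound traffic and its replies allowed) can be loaded by a small script like the one below. This is an added example, not code from either message in the thread. It assumes the external interface is ppp0 as in the thread, that `iptables` is on PATH, and that the kernel provides the connection-tracking `state` match; `have_state_match` probes for that match with `iptables -m state --help`, since a kernel or module set without connection tracking is the usual reason a `-m state` rule is refused while the other rules load. The `IPT` variable exists so the rules can be previewed with `echo` before anything is loaded.

```shell
#!/bin/sh
# Added example (not from the thread): stateful INPUT policy for a dial-up
# host that offers only ssh inbound. IPT names the iptables binary; the
# preview function overrides it with "echo iptables" to print the rules
# instead of loading them. WAN is assumed to be ppp0, as in the thread.
IPT="${IPT:-iptables}"
WAN="${WAN:-ppp0}"

# True when the running iptables/kernel can use the connection-tracking
# "state" match. If this fails, every "-m state" rule will be rejected.
have_state_match() {
    $IPT -m state --help >/dev/null 2>&1
}

apply_rules() {
    # Flush so the script can be re-run after every reconnect.
    $IPT -F INPUT
    $IPT -F FORWARD

    # Loopback and ICMP (ping) are accepted on any interface.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -p icmp -j ACCEPT

    # Replies to connections this box opened come back in. This rule is
    # what makes "allow all outgoing" work without opening INPUT, and it
    # sits before the REJECT rules so they only see unsolicited traffic.
    $IPT -A INPUT -i "$WAN" -m state --state ESTABLISHED,RELATED -j ACCEPT

    # The single inbound service: new ssh connections.
    $IPT -A INPUT -i "$WAN" -p tcp --dport 22 -m state --state NEW -j ACCEPT

    # Log what is about to be refused, rate-limited so a scan cannot
    # flood the log, then refuse it explicitly rather than silently.
    $IPT -A INPUT -i "$WAN" -m limit --limit 5/min -j LOG --log-prefix "INPUT-refused: "
    $IPT -A INPUT -i "$WAN" -p tcp -j REJECT --reject-with tcp-reset
    $IPT -A INPUT -i "$WAN" -p udp -j REJECT --reject-with icmp-port-unreachable
    $IPT -A INPUT -i "$WAN" -j REJECT --reject-with icmp-proto-unreachable

    # Default policies go last: setting INPUT to DROP before the
    # ESTABLISHED rule exists would stall the ssh session doing the work.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
}

# Prints the exact commands apply_rules would run, without loading them.
preview_rules() {
    ( IPT="echo iptables"; apply_rules )
}

# Usage: sh firewall.sh preview   (default)   |   sh firewall.sh apply
case "${1:-preview}" in
    apply)
        if have_state_match; then
            apply_rules
        else
            echo "state match unavailable: load connection tracking first" >&2
            exit 1
        fi
        ;;
    *)
        preview_rules
        ;;
esac
```

Run it once with `preview` and read the output top to bottom: the ESTABLISHED,RELATED accept must appear before the first REJECT, and the three `-P` policy lines must be last. If `have_state_match` fails on the host, the rest of the rules will still load but rule 5 from the thread will not, which matches the symptom reported above.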