> Incoming from [EMAIL PROTECTED]:
>>
>> This is my rule set:
>>
>> 1  iptables -P INPUT DROP
>> 2  iptables -A INPUT -p icmp -j ACCEPT
>> 3  iptables -A INPUT -i lo -j ACCEPT
>> 4  iptables -A INPUT -i ppp0 -p tcp --dport 22 -j ACCEPT
>> 5  iptables -A INPUT -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT
>> 6  iptables -A INPUT -i ppp0 -p tcp -j REJECT --reject-with tcp-reset
>> 7  iptables -A INPUT -i ppp0 -p udp -j REJECT
>> 8  iptables -A INPUT -i ppp0 -j REJECT --reject-with icmp-proto-unreachable
>>
>> 9  iptables -P FORWARD DROP
>> 10 iptables -P OUTPUT ACCEPT
>>
>> *********************************************************
>>
>> 1.) Line number five does not work; iptables complains when I issue that rule.
>
> I use exactly the same rule here:
>
> iptables -A INPUT -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT
>

I am still stuck; not sure why this error is happening:

EULER:~# iptables -A INPUT -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables: No chain/target/match by that name
EULER:~#

Here is the output of lsmod:

EULER:~# lsmod
Module                  Size  Used by    Tainted: P
ipt_REJECT              2720   0 (autoclean)
iptable_filter          1728   0 (autoclean)
bsd_comp                3968   0 (autoclean)
ppp_async               5984   1 (autoclean)
r128                   82840   1
lp                      5984   0 (autoclean)
slip                    7904   0 (autoclean)
parport_pc             14980   2 (autoclean)
plip                   10760   1 (autoclean)
parport                24576   2 (autoclean) [lp parport_pc plip]
iptable_nat            18228   0 (autoclean)
ip_conntrack           19212   1 (autoclean) [iptable_nat]
ip_tables              13056   5 [ipt_REJECT iptable_filter iptable_nat]
ppp_deflate            39040   0
ppp_generic            14088   3 [bsd_comp ppp_async ppp_deflate]
slhc                    4352   2 [slip ppp_generic]
rtc                     5368   0 (autoclean)
EULER:~#

Version of iptables:

ii  iptables  1.2.6a-5  IP packet filter administration tools for 2.

Running 'debian' woody, kernel 2.4.18.

Thanks

>> 2.) The functionality I want from my firewall rule set is:
>>
>> Deny all incoming traffic except port 22 (ssh), and allow pings.
>>
>> Allow all outgoing traffic; as well, it should be able to come back in if it originated from my box.
>>
>> The above rule set did work when I had an ethernet connection on a different network, but when I changed to dialup, I have problems getting these to work.
>
> My situation is close, the exception being incoming ssh. I do,
> however, allow incoming identd (handled by fauxident):
>
> iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
> iptables -t filter -I INPUT -i ppp0 -m tcp -p tcp --dport 113 -j ACCEPT
> iptables -A INPUT -s ! 127.0.0.1/32 -m state --state NEW -j LOG
> iptables -A INPUT -s ! 127.0.0.1/32 -m state --state NEW -j DROP
> iptables -A INPUT -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT
>
>
> --
> Any technology distinguishable from magic is insufficiently advanced.
> (*) http://www.spots.ab.ca/~keeling
> - -
>
>
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact
> [EMAIL PROTECTED]
>
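Editor's note with an added example; this is not code from the thread or from either poster. The lsmod listing above shows ipt_REJECT, iptable_filter, iptable_nat and ip_conntrack loaded but no ipt_state, and on 2.4 kernels ipt_state is the module that provides the `-m state` match. "No chain/target/match by that name" is what iptables 1.2.x reports when the kernel does not have a match, target or table it asked for, whether because the module is not loaded or because it was never built. The script below takes a ruleset and an lsmod listing, maps the features the rules use to the stock 2.4 module names (an assumption: it covers only the features seen in this thread, and treats ip_tables itself, which carries the tcp/udp/icmp matches, as already loaded), and reports which modules are missing; `load_missing_modules` then modprobes them, so a modprobe failure distinguishes "not loaded" from "not built". The sample ruleset and lsmod lines are constructed from the message above.

```shell
#!/bin/sh
# Added example by the editor, not code from the thread. Given a ruleset and
# the output of lsmod, list the netfilter modules the rules need that are not
# loaded, and optionally modprobe them. Module names are the stock 2.4 ones
# (assumption); ip_tables itself, which carries the tcp/udp/icmp matches, is
# assumed to be loaded already.

# Modules that one ruleset feature depends on.
modules_for_feature() {
    case "$1" in
        state)  echo "ipt_state ip_conntrack" ;;   # -m state needs both
        REJECT) echo "ipt_REJECT" ;;
        LOG)    echo "ipt_LOG" ;;
        nat)    echo "iptable_nat ip_conntrack" ;;
        filter) echo "iptable_filter" ;;
    esac
}

# Read iptables commands on stdin; print the modules they need, one per line.
required_modules() {
    while read -r line; do
        case "$line" in *iptables*) ;; *) continue ;; esac
        case "$line" in *"-t nat"*) echo nat ;; *) echo filter ;; esac
        case "$line" in *"-m state"*)  echo state ;; esac
        case "$line" in *"-j REJECT"*) echo REJECT ;; esac
        case "$line" in *"-j LOG"*)    echo LOG ;; esac
    done | sort -u | while read -r feature; do
        for mod in $(modules_for_feature "$feature"); do echo "$mod"; done
    done | sort -u
}

# missing_modules RULES LSMOD: modules the rules need that lsmod does not list.
# Both arguments are multi-line strings.
missing_modules() {
    printf '%s\n' "$1" | required_modules | while read -r mod; do
        printf '%s\n' "$2" | grep -q "^$mod[[:space:]]" || echo "$mod"
    done
}

# Try to load whatever is missing on the live system. A modprobe failure means
# the module was never built for this kernel, the other cause of the error.
load_missing_modules() {
    missing_modules "$1" "$(lsmod)" | while read -r mod; do
        modprobe "$mod" || echo "cannot load $mod: kernel built without it?" >&2
    done
}

# Constructed sample: the ruleset and the lsmod lines from the message above
# (unrelated modules trimmed).
SAMPLE_RULES='iptables -P INPUT DROP
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i ppp0 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i ppp0 -p tcp -j REJECT --reject-with tcp-reset
iptables -A INPUT -i ppp0 -p udp -j REJECT
iptables -A INPUT -i ppp0 -j REJECT --reject-with icmp-proto-unreachable
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT'

SAMPLE_LSMOD='Module                  Size  Used by    Tainted: P
ipt_REJECT              2720   0 (autoclean)
iptable_filter          1728   0 (autoclean)
iptable_nat            18228   0 (autoclean)
ip_conntrack           19212   1 (autoclean) [iptable_nat]
ip_tables              13056   5 [ipt_REJECT iptable_filter iptable_nat]'

# Prints "ipt_state": the one module the thread's ruleset needs that the
# poster's lsmod does not show.
diagnose_sample() {
    missing_modules "$SAMPLE_RULES" "$SAMPLE_LSMOD"
}

diagnose_sample
```

On the poster's box the next step is `modprobe ipt_state` (or `load_missing_modules "$(cat rules)"` as root): if it loads, rule 5 will be accepted and the state match is simply not being autoloaded; if modprobe cannot find it, the running 2.4.18 kernel was built without the state match and the ruleset cannot use `-m state` until it is.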