Sorry I am posting this again to this list, but the debian-firewall list was essentially mute.
I am trying to run a very secure firewall which also serves as my gateway. After reading the docs, it is still unclear how I would open up the gateway/firewall to outside ssh connections. I would also like to hear any comments about the following iptables script, which is my startup. Thanks

--------------------------

#!/bin/sh
# chmod 755 is needed to make this executable

# Turn on ip_forward with this command
echo 1 > /proc/sys/net/ipv4/ip_forward

# Clean up tables
iptables -F
iptables -X
iptables -Z

# This allows masquerading (no -o given, so it applies to every outgoing interface)
iptables -t nat -A POSTROUTING -j MASQUERADE

# This allows a connection from inside the network
# (matched on source address only, not on the inside interface)
# tank
iptables -A INPUT -s 192.168.2.2 -j ACCEPT
iptables -A OUTPUT -d 192.168.2.2 -j ACCEPT
# evvie
iptables -A INPUT -s 192.168.2.20 -j ACCEPT
iptables -A OUTPUT -d 192.168.2.20 -j ACCEPT
# text
iptables -A INPUT -s 192.168.2.3 -j ACCEPT
iptables -A OUTPUT -d 192.168.2.3 -j ACCEPT

# Disallow NEW and INVALID incoming or forwarded packets from eth0.
#iptables -A INPUT -i eth0 -m state --state NEW,INVALID -j DROP
#iptables -A FORWARD -i eth0 -m state --state NEW,INVALID -j DROP

# Most people just have a single PPP connection to the Internet,
# and don't want anyone coming back into their network, or the firewall:
## Create chain which blocks new connections, except if coming from inside.
iptables -N block
iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
# "! -i eth0" is the current spelling of the older "-i ! eth0": NEW connections
# are accepted only if they did NOT arrive on eth0 (the outside interface)
iptables -A block -m state --state NEW ! -i eth0 -j ACCEPT
iptables -A block -j DROP
## Jump to that chain from INPUT and FORWARD chains.
iptables -A INPUT -j block
iptables -A FORWARD -j block

# BLOCK EVERYTHING (default policies; rules above are consulted first)
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP

# LOG EVERYTHING FOR NOW
#iptables -A INPUT -i eth0 -j LOG --log-prefix "IN"
#iptables -A OUTPUT -o eth0 -j LOG --log-prefix "OUT"
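One way to open the firewall host itself to SSH from the outside while keeping the chain layout of the script above, as an added example that is not part of the original post. It assumes eth0 is the external interface, sshd listens on port 22, the "block" chain is jumped to from INPUT as in the script, and IPT may be overridden (for example IPT=echo) to print the rules instead of applying them.

```shell
#!/bin/sh
# Added example: accept NEW SSH connections on the outside interface before the
# "-j block" rule (whose last rule drops every NEW connection from eth0).

# allow_ssh_in IFACE PORT [SOURCE]
#   IFACE  outside interface (eth0 in the script above)
#   PORT   sshd port (22)
#   SOURCE optional source network; defaults to anywhere
allow_ssh_in() {
    ipt="${IPT:-iptables}"          # IPT=echo gives a dry run
    iface="$1"; port="$2"; src="${3:-0.0.0.0/0}"

    # A dedicated chain keeps the SSH rules readable and easy to flush.
    "$ipt" -N ssh_in 2>/dev/null || "$ipt" -F ssh_in

    # Throttle: a source that opened 4 or more NEW connections in the last
    # 60 s is dropped (blunts password guessing; normal use never hits this).
    "$ipt" -A ssh_in -m recent --name SSH --update --seconds 60 --hitcount 4 -j DROP
    "$ipt" -A ssh_in -m recent --name SSH --set -j ACCEPT

    # -I puts the rule at the top of INPUT, ahead of "-j block". Replies leave
    # through OUTPUT (policy ACCEPT) and later packets of the session match
    # ESTABLISHED in the block chain, so only the first packet needs this.
    "$ipt" -I INPUT -i "$iface" -p tcp --dport "$port" -s "$src" \
        -m state --state NEW -j ssh_in
}

# Run with "apply" to change the live ruleset; pass a third argument such as
# 203.0.113.0/24 (documentation range, constructed) to limit where SSH may come from.
if [ "${1:-}" = apply ]; then
    allow_ssh_in eth0 22
fi
```

Run the script after the firewall startup script so the INPUT chain and the block chain already exist, and verify the result with `iptables -L INPUT -n --line-numbers`.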