Harry wrote:

>> Wait... I'm pretty sure there are a few lines of IPTABLES code that
>> will do what you want.
>>
>> I remember using something with IPTABLES that made any connections
>> from the internet only happen in response to requests from your localhost.
>> I don't remember the lines now but someone might post it.
Mick replied:

> The lines already posted will do just that. If you want to additionally stop
> any intruder spoofing a localhost address on your NIC and getting in you
> could add:
>
> iptables -A INPUT ! -i eth0 -j ACCEPT

Oops... I took your earlier comment (below) to be applied to what was posted,
but I see now you were only referencing a single line:

iptables -A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT

Andry F. wrote:

>>> iptables -P INPUT DROP
>>> iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
>>> iptables -A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
>>> iptables -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT

Mick replied:

>>> iptables -P INPUT DROP
>>> iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
>>> iptables -A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
>> This line is only needed if you want to forward packets to another
>> iface/device (i.e. when your laptop is acting as a router and the input
>> interface is eth0).

[...]

Thanks for the <snipped> other pointers
--
[EMAIL PROTECTED] mailing list
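The ruleset this thread converges on (DROP policy, accept only RELATED/ESTABLISHED inbound, loopback accepted only on the lo device so a 127/8 source on the NIC is rejected), assembled as an added example. This is not code posted by Harry, Mick or Andry F.; it assumes the internet-facing interface is eth0 (overridable through WAN_IF), writes the rules as an iptables-restore file so the table is replaced atomically, and adds an explicit anti-spoof DROP and an INVALID drop that the thread itself does not spell out.

```shell
#!/bin/sh
# Added example, not code from the thread. Builds the "client-only" stateful
# ruleset as an iptables-restore file: either the whole table replaces the
# old one or nothing changes, unlike a sequence of individual iptables calls.
# Assumptions: the uplink is eth0 (override with WAN_IF) and the kernel has
# the state match (the older spelling of -m conntrack --ctstate).

WAN_IF="${WAN_IF:-eth0}"

# Emit the filter table in iptables-restore format (lines starting with '#'
# are ignored by iptables-restore, so the comments can stay in the file).
build_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Loopback is accepted only on the lo device. A packet carrying a 127/8
# source but arriving on the NIC is spoofed: drop it explicitly rather than
# relying on the default policy alone, so a later ACCEPT cannot let it in.
-A INPUT -i lo -j ACCEPT
-A INPUT -i ${WAN_IF} -s 127.0.0.0/8 -j DROP
# Packets conntrack cannot place in any connection (bad flags, stray ACKs).
-A INPUT -m state --state INVALID -j DROP
# Only replies to connections this host opened, plus RELATED traffic such as
# ICMP errors for them. NEW is deliberately absent: nothing is initiated from
# outside. FORWARD stays empty because the laptop is not acting as a router.
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Regression check for later edits: return 0 only if the anti-spoof rule is
# still present and no INPUT rule accepts NEW connections.
check_rules() {
    rules=$(build_rules)
    printf '%s\n' "$rules" | grep -q -- "^-A INPUT -i ${WAN_IF} -s 127.0.0.0/8 -j DROP\$" || return 1
    printf '%s\n' "$rules" | grep -- '^-A INPUT' | grep -q 'NEW' && return 1
    return 0
}

# Parse-only check first (iptables-restore --test), then load for real.
apply_rules() {
    build_rules | iptables-restore --test || return 1
    build_rules | iptables-restore
}

if [ "${1:-}" = "--apply" ]; then
    apply_rules
else
    build_rules
fi
```

Run it without arguments to review the generated file, then as root with `--apply` to load it. Keeping the loopback ACCEPT bound to `-i lo` (rather than to a source address) is what makes the spoofing case fail: the spoofed packet arrives on eth0, hits the explicit DROP, and would fall through to the DROP policy even without it.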