[ale] Iptables ruleset for a laptop

matty91 at bellsouth.net
Wed Jun 4 19:01:06 EDT 2003


Howdy,

Thanks everyone for the example iptables scripts. After much reading and
tinkering around, I think I found what I was looking for:

# flush any existing chains and set default policies
/sbin/iptables -F INPUT
/sbin/iptables -F OUTPUT
/sbin/iptables -P INPUT DROP
/sbin/iptables -P OUTPUT ACCEPT

# allow all packets on the loopback interface
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A OUTPUT -o lo -j ACCEPT

# allow established and related packets back in
/sbin/iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

This allows everything outbound, and drops everything inbound. Anyone
see any flaws with this? After testing with nmap, I can't seem to find
any issues (though there may still be some).

Thanks,
- Ryan

Ryan Matteson - UNIX Administrator | GPG ID: 92D5DFFF
Public Key: http://www.daemons.net/~matty/public_key.txt
Fingerprint = 4BEC 6145 30A6 BCE6 5602 FF11 4954 165D 92D5 DFFF
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale
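
A local check to run alongside the nmap test mentioned in the post, as an added example that is not part of the original message: a POSIX shell function that audits a rule listing in `iptables -S` format for default-deny policies (including FORWARD, which the script above does not set), the loopback rule, ESTABLISHED and RELATED return traffic, and any other ACCEPT on INPUT. The names `audit_ruleset` and `LAPTOP_RULES` and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `iptables -S` output (stdin) against the post's intent:
# nothing unsolicited inbound, replies to outbound traffic allowed back in.
# Prints one line per finding; the return status is the number of findings.
audit_ruleset() {
    rules=$(cat)
    findings=0
    flag() { echo "FINDING: $1"; findings=$((findings + 1)); }
    has() { printf '%s\n' "$rules" | grep -Eq -e "$1"; }

    # Chains that take inbound or transit traffic must default to DROP.
    for chain in INPUT FORWARD; do
        has "^-P $chain DROP\$" || flag "$chain policy is not DROP"
    done

    # Local services that talk over 127.0.0.1 need the loopback rule.
    has '^-A INPUT -i lo -j ACCEPT$' || flag "no loopback ACCEPT on INPUT"

    # Return traffic: ESTABLISHED for replies, RELATED for ICMP errors etc.
    st='^-A INPUT .*--(ct)?state [A-Z,]*'
    has "${st}ESTABLISHED[A-Z,]* -j ACCEPT\$" || flag "no ESTABLISHED accept rule"
    has "${st}RELATED[A-Z,]* -j ACCEPT\$" || flag "state rule omits RELATED"

    # Any other ACCEPT on INPUT admits unsolicited packets.
    while IFS= read -r line; do
        case $line in
            "-A INPUT -i lo "*) ;;
            "-A INPUT "*state*NEW*"-j ACCEPT") flag "accepts NEW: $line" ;;
            "-A INPUT "*state*"-j ACCEPT") ;;
            "-A INPUT "*"-j ACCEPT") flag "stateless accept: $line" ;;
        esac
    done <<EOF
$rules
EOF
    return "$findings"
}

# Constructed listing (not captured from a real host): an ESTABLISHED-only
# state rule and a FORWARD chain left at its default ACCEPT policy.
LAPTOP_RULES='-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT'

# Reports two findings: the FORWARD policy and the missing RELATED state.
printf '%s\n' "$LAPTOP_RULES" | audit_ruleset || true
```

On a live host the same function can be fed with `iptables -S | audit_ruleset`, run as root.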