[ale] Iptables ruleset for a laptop
Jonathan Glass
jonathan.glass at ibb.gatech.edu
Thu Jun 5 08:29:26 EDT 2003
You may still want to create two more rules to (1) log incoming
connection attempts, then (2) to block those attempts. It may be
overkill with an INPUT policy of DROP, but the logging may make it
worthwhile.
Jonathan
On Wed, 2003-06-04 at 19:01, matty91 at bellsouth.net wrote:
> Howdy,
>
> Thanks everyone for the example iptables scripts. After much reading and
> tinkering around, I think I found what I was looking for:
>
> # flush any existing chains and set default policies
> /sbin/iptables -F INPUT
> /sbin/iptables -F OUTPUT
> /sbin/iptables -P INPUT DROP
> /sbin/iptables -P OUTPUT ACCEPT
>
> # allow all packets on the loopback interface
> /sbin/iptables -A INPUT -i lo -j ACCEPT
> /sbin/iptables -A OUTPUT -o lo -j ACCEPT
>
> # allow established and related packets back in
> # (RELATED is needed for this comment to hold: ICMP errors and
> # helper-tracked connections such as FTP data are not ESTABLISHED)
> /sbin/iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> This allows everything outbound, and drops everything inbound. Anyone
> see any flaws with this? After testing with nmap, I can't seem to find
> any issues (though there may still be some).
>
> Thanks,
> - Ryan
>
> Ryan Matteson - UNIX Administrator | GPG ID: 92D5DFFF
> Public Key: http://www.daemons.net/~matty/public_key.txt
> Fingerprint = 4BEC 6145 30A6 BCE6 5602 FF11 4954 165D 92D5 DFFF
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
--
Jonathan Glass <jonathan.glass at ibb.gatech.edu>
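The two rules Jonathan suggests, a rate-limited LOG followed by an explicit DROP, placed after Ryan's loopback and state rules. This is an added example, not code from either post; it emits the ruleset in iptables-restore format so it can be inspected before loading. The interface name (eth0), the log prefix and the limit values are assumptions to adjust for your machine.

```shell
#!/bin/sh
# Added example (not from the original thread): laptop ruleset with
# (1) a rate-limited LOG of new inbound attempts and (2) an explicit DROP.
# IFACE and LOG_PREFIX are assumptions; override them in the environment.
IFACE="${IFACE:-eth0}"
LOG_PREFIX="${LOG_PREFIX:-iptables-drop: }"

# Print the full filter table. Usage: laptop_ruleset | iptables-restore
laptop_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback traffic in both directions
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# replies to our own connections; RELATED covers ICMP errors and helper-tracked data channels
-A INPUT -i $IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT
# (1) log new inbound attempts, rate-limited so a port scan cannot flood the log
-A INPUT -i $IFACE -m state --state NEW -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "$LOG_PREFIX" --log-level 4
# (2) drop them explicitly so the packet/byte counters are visible in 'iptables -L INPUT -v'
-A INPUT -i $IFACE -j DROP
COMMIT
EOF
}

# Count the rules appended to a chain, used to sanity-check the output
# before handing it to iptables-restore.
count_rules() {
    laptop_ruleset | grep -c -- "^-A $1 "
}

# Load only when explicitly asked (needs root); otherwise just print.
if [ "${APPLY:-0}" = "1" ]; then
    laptop_ruleset | iptables-restore
else
    laptop_ruleset
fi
```

Run with `APPLY=1` as root to load the rules; without it the script only prints them. Logged attempts show up in the kernel log (dmesg, or wherever syslog sends kern.warning) with the chosen prefix, and the `-m limit` match keeps a scan from drowning out everything else. The final DROP is redundant with the INPUT policy, as Jonathan notes, but it keeps the counters and the log rule together where they are easy to read.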