[ale] Simple iptables example wanted

Jonathan Glass jonathan.glass at ibb.gatech.edu
Mon May 12 15:42:00 EDT 2003


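#!/bin/bash
# Path to the iptables binary (no leading $ when assigning a variable)
IPT=/sbin/iptables

# Allow new inbound SSH connections
$IPT -A INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT
# Allow DHCP (bootps/bootpc) traffic
$IPT -A INPUT -p udp -m udp -s 0/0 --sport 67:68 -d 0/0 --dport 67:68 -j ACCEPT
# Allow everything on the loopback interface
$IPT -A INPUT -i lo -j ACCEPT
# Reject every other inbound TCP connection attempt
$IPT -A INPUT -p tcp -m tcp --syn -j REJECT
# Reject all other inbound UDP
$IPT -A INPUT -p udp -m udp -j REJECT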

HTH

Jonathan Glass

On Mon, 2003-05-12 at 15:06, George Carless wrote:
> Hi Michael,
> 
> I don't know how important it is to you to actually "understand" what's going
> on.. but if you'd just like a nice, simple and configurable iptables
> script then I quite like gShield -- a quick search on freshmeat should
> turn it up.  It's very easy to configure for most applications.
> 
> Cheers,
> --George
> 
> On Mon, 12 May 2003, Michael D. Hirsch wrote:
> 
> > I'm trying to lock down a box.  I want to let traffic in on port 22 from
> > any host, and nothing else.  I want to let out traffic on port 22 and dns,
> > nothing else (which means that DNS replies have to also be allowed).
> >
> > Anyone have a simple iptables config that would do this?   Or a pointer to
> > a site with recipes?  I know it is simple, but I don't feel comfortable
> > with my limited knowledge.
> >
> > Thanks,
> >
> > Michael
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://www.ale.org/mailman/listinfo/ale
> >
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
-- 
Jonathan Glass <jonathan.glass at ibb.gatech.edu>
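
A stateful, default-deny ruleset for the original request (SSH in; SSH and DNS out; replies admitted through connection tracking), as an added example that is not part of any message in this thread. The function names, the SSH_PORT variable and the --apply switch are assumptions of this sketch; it prints the ruleset in iptables-restore format for review unless --apply is given.

```shell
#!/bin/sh
# Added example, not from the thread: default-deny, stateful ruleset.
SSH_PORT=${SSH_PORT:-22}   # assumption: sshd listens on the standard port

# Emit the ruleset in iptables-restore format so it loads in one atomic step.
gen_rules() {
    cat <<EOF
*filter
# Anything not matched below is dropped, in every chain.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Loopback, plus replies to connections already tracked (incl. DNS answers).
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Inbound: new SSH connections from any host, nothing else.
-A INPUT -p tcp -m tcp --dport $SSH_PORT --syn -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Outbound: new SSH and DNS (UDP, plus TCP for large answers), nothing else.
-A OUTPUT -p tcp -m tcp --dport 22 --syn -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 53 --syn -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Parse-check first, then load; needs root and iptables-restore on PATH.
apply_rules() {
    gen_rules | iptables-restore --test && gen_rules | iptables-restore
}

# Default: print the ruleset for review. Pass --apply to load it.
if [ "${1:-}" = "--apply" ]; then apply_rules; else gen_rules; fi
```

A host that gets its address by DHCP also needs UDP ports 67:68 allowed, as in the script posted above. Load it from a console session or with a timed rollback in place, since a mistake in the SSH rule cuts off remote access.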
