Quick iptables help

Darrin Chandler dwchandler at stilyagin.com
Thu Aug 3 17:50:18 MST 2006


On Thu, Aug 03, 2006 at 05:24:00PM -0700, Alan Dayley wrote:
> I haven't taken the time to understand iptables and now I need to write a
> few rules.
> 
> - Computer has 3 NICs: eth0 eth1 eth2
> - I want to add the rules to /etc/rc.d/rc.firewall.local
> - Rules are:
> -- drop everything from eth0 to eth1
> -- drop everything from eth1 to eth0
> -- allow everything from eth1 to eth2
> 
> Anyone have any sample rules to share that will speed my learning?  In
> other words, anyone want to write the rules for me?  ;^)

While it's not exactly coding, it sounds perfect for tonight's hackfest.

You might want to restate your policy more like:

- drop everything not explicitly allowed
- allow everything from eth1 to eth2
- (etc)

I.e., you should have a default policy of dropping, and the rest of the
rules allow things. It's safer and easier in the end.

-- 
Darrin Chandler            |  Phoenix BSD Users Group
dwchandler at stilyagin.com   |  http://bsd.phoenix.az.us/
http://www.stilyagin.com/  |
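A worked version of the "drop by default, then allow" policy Darrin describes, written as a small script of the kind that would go into rc.firewall.local. This is an added example and not code from the thread or from either poster; it assumes the three interface names from Alan's message, that eth1 -> eth2 traffic should get its replies back (hence the state match, which on a 2006-era kernel is the -m state form), and that the box routes between the NICs, which puts all of this in the FORWARD chain rather than INPUT/OUTPUT. By default it only prints the iptables commands so the rule set can be read and checked without root; run it with IPT=iptables to apply it.

```shell
#!/bin/sh
# Added example, not the thread's own code: default-drop FORWARD policy for
# a three-NIC router (eth0, eth1, eth2). Interface roles are assumptions
# taken from the original question.

# IPT is the command each rule is handed to. "echo iptables" is a dry run
# that prints the rules; set IPT=iptables to actually load them.
IPT="${IPT:-echo iptables}"

LAN_IF=eth1      # assumed: the side allowed out through eth2
OUT_IF=eth2      # assumed: the side eth1 may reach
ISO_IF=eth0      # assumed: must never exchange traffic with eth1

# Emit (or apply) the rule set in order. Kept in a function so the same
# list can be reviewed and applied without duplicating it.
firewall_rules() {
    # Default policy first: anything a later rule does not explicitly
    # accept is dropped. This is the posture recommended in the reply.
    $IPT -P FORWARD DROP
    $IPT -F FORWARD

    # Return traffic for connections opened through the allow rule below.
    # Without this, only the outbound half of eth1 -> eth2 would work.
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # The one explicit allow from the question: eth1 -> eth2.
    $IPT -A FORWARD -i "$LAN_IF" -o "$OUT_IF" -j ACCEPT

    # eth0 <-> eth1 is already dropped by the policy. Stating it explicitly
    # documents the intent in the chain listing and gives these two paths
    # their own packet counters, so a misconfiguration shows up in
    # `iptables -L FORWARD -v` instead of disappearing into the policy.
    $IPT -A FORWARD -i "$ISO_IF" -o "$LAN_IF" -j DROP
    $IPT -A FORWARD -i "$LAN_IF" -o "$ISO_IF" -j DROP
}

# When run directly: dry run by default, apply with IPT=iptables.
firewall_rules
```

Note that forwarding between the NICs also has to be switched on in the kernel (net.ipv4.ip_forward) for the eth1 -> eth2 rule to carry any traffic; the script above only sets the netfilter policy, and the same default-drop idea applies separately to INPUT if the box itself should be reachable only on chosen ports.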

