> Alan Dayley wrote:
>> I haven't taken the time to understand iptables and now I need to write a
>> few rules.
>>
>> - Computer has 3 NICs: eth0 eth1 eth2
>> - I want to add the rules to /etc/rc.d/rc.firewall.local
>> - Rules are:
>> -- drop everything from eth0 to eth1
>> -- drop everything from eth1 to eth0
>> -- allow everything from eth1 to eth2
>>
>> Anyone have any sample rules to share that will speed my learning? In
>> other words, anyone want to write the rules for me? ;^)
>>
>> Alan
>>
>>
> It'd be a lot easier if you post your rc.firewall.local.

The box in question is an IPCop firewall. The rc.firewall.local file is empty of any rules because the base rules are in the rc.firewall file. That file is rather long and complicated since it meshes with the web-based admin GUI. Each rule starts with a call to '/sbin/iptables'.

eth0 is the internal network, eth1 is the DMZ and eth2 is the connection to the internet. The goal is to change the DMZ behavior in two ways:

1. To disallow any and all connection between the DMZ and the internal network. There are pinholes and forwarding allowed in the default rules. I want to disallow these.

2. Allow origination of connections from the DMZ to the Internet. By default IPCop only allows connection from the Internet into the DMZ but not the other way.

The web GUI of IPCop doesn't provide access to accomplish these changes since it violates some of the security design of the distro.

If you really want to see the rc.firewall, I'll post it but it is quite long.

Alan

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
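One way to express the two DMZ changes Alan describes as FORWARD-chain rules, added here as an illustration and not taken from the thread or from IPCop's own rc.firewall. The interface roles (eth0 internal, eth1 DMZ, eth2 internet) are from the post; the chain name DMZ_POLICY, the start/reload handling, and the use of the `state` match are my assumptions, as is the idea of inserting a single jump at position 1 of FORWARD so the drops are evaluated before the distribution's own pinhole rules.

```shell
#!/bin/sh
# Added example, not IPCop's code: DMZ isolation for the layout in the post.
INT=eth0      # internal network
DMZ=eth1      # DMZ
WAN=eth2      # connection to the internet
CHAIN=DMZ_POLICY              # assumed custom chain name
IPT="${IPT:-/sbin/iptables}"  # set IPT=echo to dry-run without touching the kernel

# Emit the rule set one argument list per line so it can be reviewed
# (or tested) separately from applying it.
build_rules() {
    echo "-F $CHAIN"
    # 1. No traffic at all between the DMZ and the internal network, either way.
    echo "-A $CHAIN -i $INT -o $DMZ -j DROP"
    echo "-A $CHAIN -i $DMZ -o $INT -j DROP"
    # 2. DMZ may originate connections to the internet; replies come back
    #    only as part of an established flow (state match is an assumption).
    echo "-A $CHAIN -i $DMZ -o $WAN -j ACCEPT"
    echo "-A $CHAIN -i $WAN -o $DMZ -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Jump at position 1 so these rules win over any later pinhole/forward rules.
    echo "-I FORWARD 1 -j $CHAIN"
}

# Apply idempotently: creating the chain or deleting an old jump may fail on
# a first run or a reload respectively, so only those two steps are tolerated.
apply_rules() {
    $IPT -N "$CHAIN" 2>/dev/null || true
    $IPT -D FORWARD -j "$CHAIN" 2>/dev/null || true
    build_rules | while read -r rule; do
        # shellcheck disable=SC2086  # word-splitting the rule is intended
        $IPT $rule
    done
}

rule_count() { build_rules | wc -l | tr -d ' '; }

# Assumed entry points for /etc/rc.d/rc.firewall.local; no-op when run bare.
case "${1:-}" in
    start|reload) apply_rules ;;
esac
```

Run it as `IPT=echo sh rc.firewall.local start` to print the exact iptables calls before letting it touch the live rule set.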