Re: Quick iptables help

Author: Darrin Chandler
Date:  
To: alandd, Main PLUG discussion list
Subject: Re: Quick iptables help
On Thu, Aug 03, 2006 at 05:24:00PM -0700, Alan Dayley wrote:
> I haven't taken the time to understand iptables and now I need to write a
> few rules.
>
> - Computer has 3 NICs: eth0 eth1 eth2
> - I want to add the rules to /etc/rc.d/rc.firewall.local
> - Rules are:
> -- drop everything from eth0 to eth1
> -- drop everything from eth1 to eth0
> -- allow everything from eth1 to eth2
>
> Anyone have any sample rules to share that will speed my learning? In
> other words, anyone want to write the rules for me? ;^)


While it's not exactly coding, it sounds perfect for tonight's hackfest.

You might want to restate your policy more like:

- drop everything not explicitly allowed
- allow everything from eth1 to eth2
- (etc)

I.e., you should have a default policy of dropping, and the rest of the
rules allow things. It's safer and easier in the end.

-- 
Darrin Chandler            |  Phoenix BSD Users Group
   |  http://bsd.phoenix.az.us/
http://www.stilyagin.com/  |
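A rule set in the default-drop shape Darrin describes, written for Alan's eth0/eth1/eth2 layout. This is an added example, not code from either message; it assumes the box routes between the NICs (so the FORWARD chain is the one that matters), and the `IPT`/`DRY_RUN` variables and the `run`, `apply_forward_policy`, `dry_run_rules` and `count_rules` names are mine.

```shell
#!/bin/sh
# Added example, not from the thread. Default-drop FORWARD policy for a box
# with eth0/eth1/eth2 that routes between them. Assumptions: forwarding is
# enabled (net.ipv4.ip_forward=1), eth1 is where allowed traffic originates
# and eth2 is where it may go. INPUT/OUTPUT are left untouched on purpose;
# tightening those is a separate step (do not lock out your own SSH session).

IPT="${IPT:-iptables}"   # path to iptables; overridable for testing
LAN_IN=eth1
LAN_OUT=eth2

# Apply or, with DRY_RUN=1, just print each iptables command.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$IPT $*"
    else
        "$IPT" "$@"
    fi
}

apply_forward_policy() {
    run -F FORWARD                  # start from an empty FORWARD chain
    run -P FORWARD DROP             # default: drop what is not explicitly allowed
    # Return traffic for connections that were allowed out must be let back in;
    # without this, eth2 -> eth1 replies die at the default policy.
    run -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # The single positive rule from the policy: eth1 may reach eth2.
    run -A FORWARD -i "$LAN_IN" -o "$LAN_OUT" -j ACCEPT
    # eth0 <-> eth1 needs no rule of its own: it falls through to DROP.
    # Rate-limited log of what the default policy eats, to confirm it works.
    run -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FWD DROP: "
}

# Print the commands without root, for review before putting them in rc.firewall.local.
dry_run_rules() {
    ( DRY_RUN=1; apply_forward_policy )
}

# Number of -A FORWARD rules the policy adds (the two ACCEPTs plus the LOG).
count_rules() {
    dry_run_rules | grep -c -- '-A FORWARD'
}
```

Run `dry_run_rules` first to review the commands; `apply_forward_policy` as root then installs them.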
---------------------------------------------------
PLUG-discuss mailing list - 
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss