Hi, I have this LAN:
eth0 eth1
Internet >> router ->> gateway ->> switch ->> pc1, pc2, pc3
I want my gateway to work like a firewall, so I've modified an iptables script:
# first set the default behaviour => accept connections
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
# Create 2 chains, it allows to write a clean script
iptables -N FIREWALL
iptables -N TRUSTED
# Allow ESTABLISHED and RELATED incoming connection
iptables -A FIREWALL -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow loopback traffic
iptables -A FIREWALL -i lo -j ACCEPT
# Send all packets to the TRUSTED chain
iptables -A FIREWALL -j TRUSTED
# DROP all other packets if no rule matched
iptables -A FIREWALL -j DROP
# Send all FORWARD packets to the FIREWALL chain
iptables -A FORWARD -j FIREWALL
# Allow https
iptables -A TRUSTED -p udp -m udp --sport 443 -j ACCEPT
iptables -A TRUSTED -p tcp -m tcp --sport 443 -j ACCEPT
But all connections on the FORWARD chain seem to be dropped, killed, terminated.
iptables -A FIREWALL -m state --state ESTABLISHED,RELATED -j ACCEPT
This doesn't work, so packets are dropped....
Help me!!
Last edited by brainwasher (2007-04-16 12:38:16)
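A small Python model of the rule walk, added here as an illustration and not part of the poster's script or anything else in the thread (rule set and packets are constructed; the "-i lo" and udp rules are left out), shows why forwarded traffic dies: a new outbound HTTPS connection from pc1 carries an ephemeral source port, so it matches neither the ESTABLISHED rule nor "--sport 443" and reaches the final DROP, and because that first packet never leaves, no reply can ever be ESTABLISHED. Trusting new outbound flows by destination port lets the state rule do its job for the replies.

```python
# Constructed model of the thread's FORWARD -> FIREWALL -> TRUSTED chains for a
# new outbound HTTPS connection. Not iptables itself; "-i lo"/udp rules omitted.

def evaluate(table, pkt, conntrack, chain="FORWARD", policy="ACCEPT"):
    """First matching rule wins; a user chain that ends without a verdict
    RETURNs to its caller; a built-in chain falls back to its policy."""
    proto, sport, dport = pkt
    known = (pkt in conntrack) or ((proto, dport, sport) in conntrack)
    state = "ESTABLISHED" if known else "NEW"
    for rule in table[chain]:
        m = rule.get("match", {})
        if m.get("proto", proto) != proto or m.get("sport", sport) != sport:
            continue
        if m.get("dport", dport) != dport or state not in m.get("state", {state}):
            continue
        target = rule["target"]
        if target in ("ACCEPT", "DROP"):
            return target
        verdict = evaluate(table, pkt, conntrack, target, policy=None)
        if verdict is not None:
            return verdict
    return policy  # None for a user chain means RETURN

def build_chains(trusted_rule):
    return {
        "FORWARD": [{"target": "FIREWALL"}],
        "FIREWALL": [
            {"match": {"state": {"ESTABLISHED", "RELATED"}}, "target": "ACCEPT"},
            {"target": "TRUSTED"},
            {"target": "DROP"},
        ],
        "TRUSTED": [trusted_rule],
    }

# As posted: only packets whose *source* port is 443 are trusted.
AS_POSTED = build_chains({"match": {"proto": "tcp", "sport": 443}, "target": "ACCEPT"})
# Fix: trust new outbound flows by *destination* port; the server's replies then
# match the ESTABLISHED rule in FIREWALL because conntrack saw the first packet.
FIXED = build_chains({"match": {"proto": "tcp", "dport": 443}, "target": "ACCEPT"})

def https_from_pc1(table):
    """Return (verdict on pc1's first packet, verdict on the server's reply)."""
    conntrack = set()
    syn = ("tcp", 40000, 443)        # constructed: ephemeral sport, dport 443
    first = evaluate(table, syn, conntrack)
    if first != "ACCEPT":
        return first, None           # packet never left, so there is no reply
    conntrack.add(syn)               # conntrack confirms the accepted flow
    return first, evaluate(table, ("tcp", 443, 40000), conntrack)
```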
If you want an easy to maintain and efficient firewall, install firestarter (pacman -Sy firestarter) and it will assist you in creating any iptables rules you need to protect your system.
I used to do it "by hand" but after firestarter never again.
Hope this helps.
I don't have X or GNOME, I won't install them...