#1 2008-09-12 11:38:11

chochem
Member
From: Denmark
Registered: 2008-03-02
Posts: 176

Need help reviewing iptables rules

I'm setting up my router with iptables and I was wondering if I could get somebody more experienced with this to review my setup. It's running a number of services (printer, NAS, wireless) but mostly for my own benefit, so I just want to be able to access them from my laptop and not for internet users to see them. With the exception of it also running rtorrent (ports 51777:51780) and my laptop's still trying to finish off a couple of transmission torrents on 51413. Does this look reasonable? Any glaring holes? I have been wondering a bit why I need to allow established/related for INPUT (I can log in to the router without it but no internet - DNS?)

# FORWARD (packets routed through the box, i.e. LAN <-> internet)
# default deny, then start from an empty chain
iptables -P FORWARD DROP
iptables -F FORWARD
# new TCP connections to FTP, SMTP, HTTP, HTTPS
# (no -i / -o given, so this matches packets arriving on any interface)
iptables -A FORWARD -p tcp -m multiport --dports 21,25,80,443 -j ACCEPT
# laptop's Transmission peer port
iptables -A FORWARD -p tcp --dport 51413 -j ACCEPT
# replies and related packets for connections already tracked by conntrack
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# INPUT (packets addressed to the router itself)
iptables -P INPUT DROP
iptables -F INPUT
# replies to connections the router itself opened (e.g. its own DNS lookups)
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# rtorrent listening ports, reachable from anywhere including vlan1
iptables -A INPUT -p tcp --dport 51777:51780 -j ACCEPT
# anything TCP/UDP that did NOT arrive on the WAN interface (vlan1) is trusted
# (negation goes before the option: "! -i"; the old "-i ! vlan1" form is rejected by current iptables)
iptables -A INPUT -p tcp ! -i vlan1 -j ACCEPT
iptables -A INPUT -p udp ! -i vlan1 -j ACCEPT

Thanks in advance.

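As an added example that is not part of the original post, the script below models the two chains above with a minimal first-match-wins evaluator and runs a handful of constructed packets through them. It shows two things a reader of the rules might want confirmed: what the INPUT chain does with a DNS reply from upstream when the ESTABLISHED,RELATED rule is present and when it is absent, and that the FORWARD port rules, having no `-i`, accept a NEW connection arriving on vlan1 just as readily as one from the LAN. The LAN interface name `br0`, the conntrack states, and the sample ports are assumptions made for the illustration; the `lan_only_forward` variant is one way to pin those rules to the LAN side, not something from the post.

```python
"""Minimal model of the poster's iptables INPUT/FORWARD chains (added example).

Only the matches used in the post are modelled: -p, -i / ! -i, --dport,
multiport --dports, and -m state --state. Rules are walked in order, the
first match decides, and the chain policy applies when nothing matches.
"""
from dataclasses import dataclass
from typing import Optional

WAN = "vlan1"   # the poster's internet-facing interface
LAN = "br0"     # assumed name for the LAN side (not given in the post)


@dataclass(frozen=True)
class Packet:
    proto: str       # "tcp" or "udp"
    in_iface: str    # interface the packet arrived on
    dport: int       # destination port
    state: str       # conntrack state: "NEW", "ESTABLISHED" or "RELATED"


@dataclass(frozen=True)
class Rule:
    target: str                                  # "ACCEPT" or "DROP"
    proto: Optional[str] = None                  # -p
    in_iface: Optional[str] = None               # -i
    in_iface_negate: bool = False                # True models "! -i"
    dports: frozenset = frozenset()              # --dport / -m multiport --dports
    dport_range: Optional[tuple] = None          # --dport lo:hi
    states: frozenset = frozenset()              # -m state --state

    def matches(self, pkt: Packet) -> bool:
        if self.proto and pkt.proto != self.proto:
            return False
        if self.in_iface is not None:
            same = pkt.in_iface == self.in_iface
            if same == self.in_iface_negate:     # plain -i wants same, ! -i wants different
                return False
        if self.dports and pkt.dport not in self.dports:
            return False
        if self.dport_range and not (self.dport_range[0] <= pkt.dport <= self.dport_range[1]):
            return False
        if self.states and pkt.state not in self.states:
            return False
        return True


def verdict(chain, policy: str, pkt: Packet) -> str:
    """First matching rule wins; otherwise the chain policy."""
    for rule in chain:
        if rule.matches(pkt):
            return rule.target
    return policy


ESTABLISHED = Rule("ACCEPT", states=frozenset({"ESTABLISHED", "RELATED"}))


def forward_chain(lan_only_forward: bool = False):
    # lan_only_forward=True adds "-i br0" to the port rules (an assumed hardening, not from the post)
    src = LAN if lan_only_forward else None
    return [
        Rule("ACCEPT", proto="tcp", in_iface=src, dports=frozenset({21, 25, 80, 443})),
        Rule("ACCEPT", proto="tcp", in_iface=src, dports=frozenset({51413})),
        ESTABLISHED,
    ]


def input_chain(with_established: bool = True):
    rules = [ESTABLISHED] if with_established else []
    rules += [
        Rule("ACCEPT", proto="tcp", dport_range=(51777, 51780)),
        Rule("ACCEPT", proto="tcp", in_iface=WAN, in_iface_negate=True),   # -p tcp ! -i vlan1
        Rule("ACCEPT", proto="udp", in_iface=WAN, in_iface_negate=True),   # -p udp ! -i vlan1
    ]
    return rules


def evaluate(chain: str, pkt: Packet, with_established=True, lan_only_forward=False) -> str:
    if chain == "INPUT":
        return verdict(input_chain(with_established), "DROP", pkt)
    if chain == "FORWARD":
        return verdict(forward_chain(lan_only_forward), "DROP", pkt)
    raise ValueError(chain)


# Constructed packets for the illustration (names are the scenario labels).
SCENARIOS = {
    "lan ssh to router":              ("INPUT",   Packet("tcp", LAN, 22, "NEW"),   {}),
    "internet probe of router :80":   ("INPUT",   Packet("tcp", WAN, 80, "NEW"),   {}),
    "internet peer to rtorrent":      ("INPUT",   Packet("tcp", WAN, 51778, "NEW"), {}),
    "DNS reply to router, with est":  ("INPUT",   Packet("udp", WAN, 53000, "ESTABLISHED"), {}),
    "DNS reply to router, no est":    ("INPUT",   Packet("udp", WAN, 53000, "ESTABLISHED"), {"with_established": False}),
    "laptop browsing out":            ("FORWARD", Packet("tcp", LAN, 443, "NEW"),  {}),
    "internet NEW to LAN host :80":   ("FORWARD", Packet("tcp", WAN, 80, "NEW"),   {}),
    "same, with -i br0 on rules":     ("FORWARD", Packet("tcp", WAN, 80, "NEW"),   {"lan_only_forward": True}),
}


def run_scenarios() -> dict:
    return {name: evaluate(chain, pkt, **opts) for name, (chain, pkt, opts) in SCENARIOS.items()}


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name:32} -> {result}")
```

The DNS scenario is the one behind the poster's question: the router's own lookup goes out on vlan1 and the reply comes back on vlan1 as a UDP packet that conntrack marks ESTABLISHED; with no ESTABLISHED,RELATED rule the only remaining INPUT rules either want TCP or want a non-vlan1 interface, so the reply falls through to the DROP policy. The last two FORWARD scenarios show the port rules matching regardless of which interface the SYN came in on, and what changes once they are restricted to the LAN interface.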
