I was trying this http://wiki.archlinux.org/index.php/Sim … wall_HOWTO to create a simple firewall for my standalone system which is connected via a router.
But I'm getting these errors:
[root@bluehead shantanu]# iptables -p FORWARD ACCEPT
iptables v1.3.8: unknown protocol `forward' specified
Try `iptables -h' or 'iptables --help' for more information.
[root@bluehead shantanu]# iptables -p INPUT DROP
iptables v1.3.8: unknown protocol `input' specified
Try `iptables -h' or 'iptables --help' for more information.
which is making me unable to set a firewall. Any solution to this?
It's an uppercase 'P'.
Thanks for the solution. I just could not figure it out.
However, I could not understand this section:
The open chain contains rules for accepting incoming connections on specific ports or protocols. For example, if you want to accept ssh connections on every interface, add this rule:
    # iptables -A open -p tcp --dport 22 -j ACCEPT
To accept incoming HTTP connections on the interface ppp0:
    # iptables -A open -i ppp0 -p tcp --dport 80 -j ACCEPT
To accept all incoming tcp connections with destination ports 65000 to 65005 on interface foo:
    # iptables -A open -i foo -p tcp --dport 65000:65005 -j ACCEPT
The same is of course possible with udp:
    # iptables -A open -i foo -p udp --dport 65000:65005 -j ACCEPT
or with other protocols than tcp and udp:
    # iptables -A open -i foo -p 123 -j ACCEPT
I've not opened port 22 since I do not need ssh (I supposed it is used so that other ppl can get access to my local system).
I opened tcp on 80 (to my knowledge it is used for browsing, messenger etc.)
I guess the third and fourth lines to open ports 65000 to 65005 are for torrents. But I am confused about what my interface is. Till date I knew that it was eth0 (broadband connected via router to ethernet port), but my router shows the interface as "ppo-0." Now which one to use instead of foo above?
Another thing is that after setting up the firewall, I tested it with https://www.grc.com/x/ne.dll?bh0bkyd2, but it still gives the same result that my system is unsure. In some other post, it is mentioned that I need to connect my computer directly (I suppose in ethernet port) rather than via router. But in that case, internet does not work at all (also the cords are different too).
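
Added example, not part of the thread or the wiki: a dry-run wrapper that catches the -p / -P mix-up from the first post before anything reaches iptables, and builds rules for the "open" chain in the form quoted above. The names lint_args, ipt, open_port and the APPLY switch are hypothetical; eth0 is the interface name the poster mentions for the PC, and the "open" chain is assumed to exist already.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Prints commands by default;
# set APPLY=1 and run as root to execute them.
BUILTIN_CHAINS="INPUT OUTPUT FORWARD"

# Fail if lowercase -p (protocol match) is followed by a built-in chain
# name, which is the mistake in the thread; uppercase -P sets the policy.
lint_args() {
    prev=""
    for arg in "$@"; do
        if [ "$prev" = "-p" ]; then
            for chain in $BUILTIN_CHAINS; do
                if [ "$arg" = "$chain" ]; then
                    echo "'-p $arg' selects a protocol; use '-P $arg <target>' for the policy" >&2
                    return 1
                fi
            done
        fi
        prev="$arg"
    done
    return 0
}

# Lint, then print the command (or run it when APPLY=1).
ipt() {
    lint_args "$@" || return 1
    if [ "${APPLY:-0}" = "1" ]; then
        iptables "$@"
    else
        echo "iptables $*"
    fi
}

# Accept incoming connections in the "open" chain.
# $1 protocol, $2 port or first:last range, $3 optional interface.
open_port() {
    if [ -n "${3:-}" ]; then
        ipt -A open -i "$3" -p "$1" --dport "$2" -j ACCEPT
    else
        ipt -A open -p "$1" --dport "$2" -j ACCEPT
    fi
}

# The two policy commands from the first post, with uppercase -P.
ipt -P FORWARD ACCEPT
ipt -P INPUT DROP
# eth0 is the name from the post; confirm the local name with `ip link`.
open_port tcp 65000:65005 eth0
```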