Results 1 to 9 of 9
what do you think about this configuration?
Code:
iptables -A INPUT -i eth0 -i ACCEPT
iptables -A INPUT -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i ...
- 08-12-2004 #1Linux Engineer
- Join Date
- May 2003
- Location
- Greece / Athens
- Posts
- 1,169
Secure system against attackers
what do you think about this configuration?
i think that it's enough secure as all incoming connections are not permitted..Code:iptables -A INPUT -i eth0 -i ACCEPT iptables -A INPUT -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A INPUT -i ppp0 -j LOG iptables -A INPUT -i ppp0 -J DROP
should i change something in that??Linux For Ever!
- 08-13-2004 #2Linux Guru
- Join Date
- Apr 2003
- Location
- /dev/urandom
- Posts
- 3,682
That's a good, tight and simple config. for a desktop running no servers.
"Time is an illusion. Lunchtime, doubly so."
~Douglas Adams, The Hitchhiker's Guide to the Galaxy
- 08-13-2004 #3Linux Engineer
- Join Date
- May 2003
- Location
- Greece / Athens
- Posts
- 1,169
that's the configuration i want to make....thanks for the post..i was not so sure!
Linux For Ever!
- 08-15-2004 #4Linux Newbie
- Join Date
- Jan 2004
- Location
- Belgrade, S&M
- Posts
- 177
I like to add this at top (to be on the safe side ) :
iptables -A INPUT -p tcp --dport 6000 -s ! localhost -j LOG
iptables -A INPUT -p tcp --dport 6000 -s ! localhost -j DROP
- 08-19-2004 #5Just Joined!
- Join Date
- Aug 2004
- Posts
- 12
where would I put that code to use that configuration?
- 08-19-2004 #6Linux Newbie
- Join Date
- Jan 2004
- Location
- Belgrade, S&M
- Posts
- 177
You can put it in a script and save it as a file (eg. script):
Then from the terminal:Code:#!/bin/sh iptables -A INPUT -i eth0 -i ACCEPT iptables -A INPUT -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A INPUT -i ppp0 -j LOG iptables -A INPUT -i ppp0 -J DROP
chmod o+x script
./script
Then you can issue
iptables-save > rules
And whenever you want to activate the firewall type: iptables-restore < rules. You can also add the last line to /etc/rc.d/rc.local. You can also set up /etc/rc.firewall to apply the rules....
- 08-19-2004 #7Linux Engineer
- Join Date
- May 2003
- Location
- Greece / Athens
- Posts
- 1,169
open a terminal emulator and write them as commands..
Linux For Ever!
- 08-19-2004 #8Just Joined!
- Join Date
- Aug 2004
- Posts
- 12
THATS PERFECT!!! I've been looking for how to do this/use scripts. Is there a tutorial on building and using scripts I could get somewhere?
Originally Posted by Goran
- 08-19-2004 #9Linux Newbie
- Join Date
- Jan 2004
- Location
- Belgrade, S&M
- Posts
- 177
You could check at tldp or just google there are lot of tutorials out there. Aren't scripts great
? I recommend you getting a book as it is easier to read and is more comprehensive.
Reply With Quote 
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
