Is this correct??

**bhupeshchawda** · 03-03-2007

Hi everybody...
I am a newbie to Linux and linux-iptables
I just tried the following:

iptables -F ...to flush the rules
iptables -A INPUT -d 59.95.24.233 -j DROP ...59.95.24.233 is my IP
iptables-save ...to save the rules

These three statements should ...as I suppose ...block all packets to my computer. I tried connecting to the internet and it does!!!
Whats wrong ...please explain me..
Thanx

**cyberinstru** · 03-03-2007

If you want all your input packets to your system to be dropped...

iptables -F
iptables -F -t nat
iptables -F -t mangle

1. Set your INPUT policy as DROP

iptables -P INPUT DROP

2. Set your FORWARD policy as DROP

iptables -P FORWARD DROP

3. Set you OUTPUT policy as ACCEPT

iptables -P OUTPUT ACCEPT

4. Allow only REALTED and ESTABLISHED PACKETS on your WAN interface

iptables -I INPUT -i <wanIF> -m --state REALTED, ESTABLISHED -j ALLOW

5. Allow forward from WAN to LOCAL interface

6. Allow all traffic from your loopback interface

iptables -A INPUT -i lo -j ACCEPT

There are just some examples. Try this out!

**bhupeshchawda** · 03-03-2007

Originally Posted by cyberinstru

If you want all your input packets to your system to be dropped...

1. Set your INPUT policy as DROP

2. Set your FORWARD policy as DROP

3. Set you OUTPUT policy as ACCEPT

4. Allow only REALTED and ESTABLISHED PACKETS on your WAN interface

5. Allow forward from WAN to LOCAL interface

6. Allow all traffic from your loopback interface

There are just some examples. Try this out!

Right!! I'll try it out!! I will let u know if it works!
ThanX

Thread Tools

Display

Is this correct??

Posting Permissions