  1. #1
    Just Joined!
    Join Date
    Feb 2007
    Posts
    34

    Is this correct??


    Hi everybody...
    I am a newbie to Linux and linux-iptables
    I just tried the following:

    iptables -F ...to flush the rules
    iptables -A INPUT -d 59.95.24.233 -j DROP ...59.95.24.233 is my IP
    iptables-save ...to save the rules

    These three statements should ...as I suppose ...block all packets to my computer. I tried connecting to the internet and it does!!!
    What's wrong ...please explain to me..
    Thanx

  2. #2
    Linux User cyberinstru's Avatar
    Join Date
    Jan 2007
    Location
    India
    Posts
    362
    If you want all your input packets to your system to be dropped...

    iptables -F
    iptables -F -t nat
    iptables -F -t mangle
    1. Set your INPUT policy as DROP
    iptables -P INPUT DROP
    2. Set your FORWARD policy as DROP
    iptables -P FORWARD DROP
    3. Set your OUTPUT policy as ACCEPT
    iptables -P OUTPUT ACCEPT
    4. Allow only RELATED and ESTABLISHED PACKETS on your WAN interface
    iptables -I INPUT -i <wanIF> -m state --state RELATED,ESTABLISHED -j ACCEPT
    5. Allow forward from WAN to LOCAL interface

    6. Allow all traffic from your loopback interface
    iptables -A INPUT -i lo -j ACCEPT
    These are just some examples. Try this out!
    ---------------------------------
    Registered Linux User #440311
    HI2ARUN _AT_ GMAIL _DOT_ COM
    ---------------------------------
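
An added example, not part of cyberinstru's post: a POSIX shell check that audits `iptables -S` style output for the default-deny posture listed in the steps above. Both rulesets are constructed samples (post #1's single rule on top of default ACCEPT policies, and the post #2 setup with `eth0` assumed in place of `<wanIF>`), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit `iptables -S` output (read on stdin) for a default-deny
# INPUT posture. Prints one line per failed check; returns 0 only if all pass.
audit_input_chain() {
    awk '
        $1 == "-P" && $2 == "INPUT"   { ipol = $3 }
        $1 == "-P" && $2 == "FORWARD" { fpol = $3 }
        $1 == "-A" && $2 == "INPUT" && /-j ACCEPT$/ {
            if ($0 ~ / -i lo /) lo = 1
            if ($0 ~ /--(ct)?state (RELATED,ESTABLISHED|ESTABLISHED,RELATED) /) est = 1
        }
        END {
            if (ipol != "DROP") { print "FAIL: INPUT policy is not DROP (" ipol ")"; bad = 1 }
            if (fpol != "DROP") { print "FAIL: FORWARD policy is not DROP (" fpol ")"; bad = 1 }
            if (!est) { print "FAIL: no RELATED,ESTABLISHED accept rule on INPUT"; bad = 1 }
            if (!lo)  { print "FAIL: no loopback accept rule on INPUT"; bad = 1 }
            if (!bad) print "PASS: default-deny INPUT with stateful and loopback exceptions"
            exit (bad ? 1 : 0)
        }'
}

# Constructed sample: ruleset left by the three commands in post #1.
# The INPUT policy stays ACCEPT, so only packets matching the one -d rule are dropped.
rules_post1() {
    cat <<'EOF'
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -d 59.95.24.233/32 -j DROP
EOF
}

# Constructed sample: ruleset from post #2 (eth0 is an assumed WAN interface name).
rules_post2() {
    cat <<'EOF'
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
EOF
}

echo "post #1 ruleset:"; rules_post1 | audit_input_chain || true
echo "post #2 ruleset:"; rules_post2 | audit_input_chain || true
```

On a live host the same function can read the real ruleset with `iptables -S | audit_input_chain`, run as root.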

  3. #3
    Just Joined!
    Join Date
    Feb 2007
    Posts
    34


    Quote Originally Posted by cyberinstru
    If you want all your input packets to your system to be dropped...

    1. Set your INPUT policy as DROP
    2. Set your FORWARD policy as DROP
    3. Set your OUTPUT policy as ACCEPT
    4. Allow only RELATED and ESTABLISHED PACKETS on your WAN interface
    5. Allow forward from WAN to LOCAL interface
    6. Allow all traffic from your loopback interface

    These are just some examples. Try this out!

    Right!! I'll try it out!! I will let you know if it works!
    ThanX
