Hi, this is my first go at iptables... I have my own Linux box set up as a router/firewall.
eth0 is the external interface (getting the ISP address using DHCP).
eth1 is the internal NIC that is handing out IP addresses using dhcp3 through a switch that has client PCs on it.
First I want to make sure that the client PCs can reach the internet through eth0 on the router.
I would also like to have everything from the outside network dropped, and only ports 22 and 8080 accessible from the outside network.
Does the following iptables script look correct and secure? - I am not too sure on the order of things...
IPT=/sbin/iptables   # path to the iptables binary (was undefined in the posted script)
# default policies: allow outbound from the box, drop everything else
$IPT -P OUTPUT ACCEPT
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
# loopback and reply traffic to the box itself
$IPT -A INPUT --in-interface lo -j ACCEPT
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# NAT the LAN behind the dynamic eth0 address
$IPT -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# routed traffic: replies back in from the internet, anything out from the LAN
$IPT -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPT -A FORWARD -i eth1 -o eth0 -j ACCEPT
# services reachable on the box (the text above asks for 22, this rule opens 2020)
$IPT -A INPUT -p tcp --dport 8080 -j ACCEPT
$IPT -A INPUT -p tcp --dport 2020 -j ACCEPT
# MySQL from the box itself only; already covered by the lo rule above
$IPT -A INPUT -s localhost -p tcp --dport 3306 -j ACCEPT
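The same policy written out in the order the rules are meant to be hit, as an added example rather than the poster's script: flush first, define IPT, enable forwarding with sysctl (without `net.ipv4.ip_forward=1` the clients never reach eth0), accept lo and ESTABLISHED before anything else, limit 22/8080 to the WAN side, and keep the rule list as data so the ordering can be checked without root. It assumes sshd listens on 22 as the text says (set SSH_PORT=2020 if the posted rule was intentional), that the LAN on eth1 is trusted, and that the box should answer DHCP/DNS from it; the 3306 rule is dropped because the lo rule already covers it.

```shell
#!/bin/sh
# Added example, not the poster's script. Assumptions: sshd on $SSH_PORT,
# eth1 (LAN) trusted, eth0 (WAN) untrusted.
set -eu

IPT="${IPT:-iptables}"
WAN=eth0
LAN=eth1
SSH_PORT="${SSH_PORT:-22}"

# Emit the rules in apply order, one complete command per line.
# Keeping them as data lets the order be reviewed or tested without root.
firewall_rules() {
    cat <<EOF
$IPT -F
$IPT -t nat -F
$IPT -X
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT ACCEPT
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -m state --state INVALID -j DROP
$IPT -A INPUT -i $LAN -j ACCEPT
$IPT -A INPUT -i $WAN -p tcp --dport $SSH_PORT -m state --state NEW -j ACCEPT
$IPT -A INPUT -i $WAN -p tcp --dport 8080 -m state --state NEW -j ACCEPT
$IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A FORWARD -i $LAN -o $WAN -j ACCEPT
$IPT -t nat -A POSTROUTING -o $WAN -j MASQUERADE
EOF
}

# Load the rules; needs root. Forwarding must be on or the LAN goes nowhere.
apply_firewall() {
    sysctl -w net.ipv4.ip_forward=1 >/dev/null
    firewall_rules | while IFS= read -r cmd; do
        eval "$cmd"
    done
}

# 1-based position of the first rule matching a grep pattern, 0 if absent.
rule_index() {
    idx=$(firewall_rules | grep -n -- "$1" | head -n 1 | cut -d: -f1)
    echo "${idx:-0}"
}

case "${1:-}" in
    apply) apply_firewall ;;
    show)  firewall_rules ;;
esac
```

Run `sh firewall.sh show` to review the order and `sudo sh firewall.sh apply` to load it.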