  1. #1
    Just Joined!
    Join Date
    Nov 2007
    Posts
    1

    iptables and implementing a policy

    hi all,

    I am new to iptables and am having a little trouble figuring them out. Using iptables I am trying to implement the following policy: I'm trying to permit all outgoing connections, permit incoming ICMP, permit incoming ssh, permit incoming finger connections, and reject all other packets. How can I do this?

    Thanks,
    Thomas

  2. #2
    Linux Guru anomie
    Join Date
    Mar 2005
    Location
    Texas
    Posts
    1,692
    There are several ways to implement this. Here's one:
    Code:
    # iptables -F
    # iptables -A INPUT -i lo -j ACCEPT 
    # iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
    # iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
    # iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 79 -j ACCEPT
    # iptables -A INPUT -p icmp -j ACCEPT
    # iptables -A INPUT -j REJECT
    I wrote the rules based on what you requested.

    Quote Originally Posted by sportsman667
    I'm trying to permit all outgoing connections
    OUTPUT chain default policy is ACCEPT.

    Quote Originally Posted by sportsman667
    permit incoming ICMP
    Why do you want to permit all incoming icmp traffic? Don't you mean just echo requests?

    Quote Originally Posted by sportsman667
    permit incoming finger connections
    Why??

    Quote Originally Posted by sportsman667
    and reject all other packets
    Remember: REJECT sends an error packet back. DROP sends nothing back to the requester (blackhole).
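
An added example, not part of either post: a shell check that reads `iptables -S INPUT` output and compares it with the policy discussed in this thread (which TCP ports accept connections, whether unmatched packets hit a catch-all deny, and whether ICMP is accepted for every type or only selected ones). The sample ruleset is constructed to match the rules in the answer, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: audit `iptables -S INPUT` output against the thread's policy.
# SAMPLE_RULES is constructed; on a live host pipe in: iptables -S INPUT
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 79 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable'

# Print the TCP ports opened by ACCEPT rules, sorted, space-separated.
# A tcp ACCEPT rule with no --dport is reported as "any" so it cannot hide.
open_tcp_ports() {
    awk '$1 == "-A" && /-p tcp/ && /-j ACCEPT/ {
             found = 0
             for (i = 1; i < NF; i++)
                 if ($i == "--dport") { print $(i + 1); found = 1 }
             if (!found) print "any"
         }' | sort -n | tr '\n' ' ' | sed 's/ $//'
}

# Succeed if unmatched packets are denied: the chain policy is DROP, or the
# last appended rule is an unconditional REJECT or DROP.
has_catch_all_deny() {
    awk '$1 == "-P" && $3 == "DROP" { policy = 1 }
         $1 == "-A" { last = $0 }
         END { exit !(policy || last ~ /^-A INPUT -j (REJECT|DROP)( |$)/) }'
}

# Print "all" if any ICMP ACCEPT rule lacks --icmp-type, "limited" if every
# such rule names a type, "none" if ICMP is never accepted.
icmp_scope() {
    awk '$1 == "-A" && /-p icmp/ && /-j ACCEPT/ {
             if ($0 !~ /--icmp-type/) s = "all"; else if (s != "all") s = "limited"
         }
         END { if (s == "") s = "none"; print s }'
}

# Audit the ruleset on stdin; "$1" is the expected open-port list.
audit_input() {
    rules=$(cat); status=0
    ports=$(printf '%s\n' "$rules" | open_tcp_ports)
    [ "$ports" = "$1" ] || { echo "unexpected open TCP ports: $ports"; status=1; }
    printf '%s\n' "$rules" | has_catch_all_deny || { echo "no catch-all deny"; status=1; }
    echo "icmp accepted: $(printf '%s\n' "$rules" | icmp_scope)"
    return $status
}

printf '%s\n' "$SAMPLE_RULES" | audit_input "22 79"
```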
