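#!/bin/sh
# Simple iptables host firewall with "start" and "stop" actions.
#
# Context kept from the original forum post (wording lightly cleaned up):
#   Dear community, I have a problem. I do not want to open all ports at first;
#   I want to allow only UDP, TCP and ICMP for specific services, but then
#   nothing at all works any more - no SSH, no HTTP etc. Who can help me
#   quickly? eth0 is the web server interface, eth1 is the internal interface
#   to the database; the database computer is 192.168.0.4; eth2 connects the
#   IP for the external database. I do not have SOCKS servers. Thank you.
#   Here is my script.
#
# Interfaces, as described in the post:
#   eth0 - public side (web server)
#   eth1 - internal interface towards the database host $DB_serv
#   eth2 - link towards the external database address $DB_NET
#
# Usage: firewall.sh start|stop
set -eu

ARG=${1:-}

MAIL=                          # unused, kept from the original script
NS=                            # unused, kept from the original script
DB_serv=192.168.0.4            # internal database host (reached via eth1)
A_NET=195.143.193.66/32        # NOTE(review): assumed to be this host's public address on eth0 - confirm
D_NET=192.168.0.1/24           # internal network behind eth1 (iptables masks the host bits)
DB_NET=195.143.232.2/32        # external database address (reached via eth2)
p_webm=10000:10100             # port range kept from the original script; not referenced below
# Whole port range. The original used 0:65536, which iptables rejects
# ("invalid port") because the highest valid port number is 65535.
m_port=0:65535

case "$ARG" in
  start)
    echo "Firewall starting ..."

    #### Flush all rules in the filter and nat tables, drop user chains.
    iptables -t filter -F
    iptables -t filter -X
    iptables -t nat -F
    iptables -t nat -X

    #### Default policies. A chain policy may only be ACCEPT or DROP; the
    # original "-t nat -P OUTPUT REJECT" is refused by iptables. The filter
    # chains default to DROP so that if any rule below fails to load (set -e
    # stops the script) the host is left closed rather than wide open.
    iptables -t filter -P INPUT DROP
    iptables -t filter -P FORWARD DROP
    iptables -t filter -P OUTPUT DROP
    iptables -t nat -P PREROUTING ACCEPT
    iptables -t nat -P POSTROUTING ACCEPT
    iptables -t nat -P OUTPUT ACCEPT

    #### The local system may talk to itself.
    iptables -t filter -A INPUT -i lo -j ACCEPT
    iptables -t filter -A OUTPUT -o lo -j ACCEPT

    #### Packets belonging to connections already accepted or opened by us.
    # The original script had no such rule, so the reply half of every
    # SSH/HTTP/database session ran into the final REJECT - which is why
    # "nothing works" even for the services that were meant to be open.
    iptables -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -t filter -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    #### Services offered on the public interface: SSH, HTTP and ICMP.
    # Only new connections need explicit rules; replies are covered above.
    iptables -t filter -A INPUT -i eth0 -p tcp -d "$A_NET" --dport 22 -m state --state NEW -j ACCEPT
    iptables -t filter -A INPUT -i eth0 -p tcp -d "$A_NET" --dport 80 -m state --state NEW -j ACCEPT
    iptables -t filter -A INPUT -i eth0 -p icmp -j ACCEPT
    iptables -t filter -A OUTPUT -o eth0 -p icmp -j ACCEPT

    #### UDP to and from the public address (kept from the original).
    # The original OUTPUT rule matched "-d $A_NET", i.e. packets leaving eth0
    # towards our own address, which never happens; it now matches traffic
    # from our address to anywhere. Narrow $m_port to the ports actually
    # needed once they are known.
    iptables -t filter -A INPUT -i eth0 -p udp -s 0/0 --sport "$m_port" -d "$A_NET" --dport "$m_port" -j ACCEPT
    iptables -t filter -A OUTPUT -o eth0 -p udp -s "$A_NET" --sport "$m_port" -d 0/0 --dport "$m_port" -j ACCEPT

    #### Database access: internal host over eth1, external address over eth2.
    # The post gives no database port; add "--dport <db-port>" to both rules
    # as soon as it is known so only that service is reachable.
    iptables -t filter -A OUTPUT -o eth1 -p tcp -d "$DB_serv" -m state --state NEW -j ACCEPT
    iptables -t filter -A OUTPUT -o eth2 -p tcp -d "$DB_NET" -m state --state NEW -j ACCEPT

    #### Forwarding from our address out through eth0 (kept from the original).
    # "! -d" is the negation syntax current iptables accepts ("-d !" is the
    # legacy form). SNAT needs an IP address, not an interface name, so the
    # original "--to-source eth0" failed; the /32 prefix is stripped from
    # $A_NET instead.
    iptables -t filter -A FORWARD -i eth0 -o eth0 -p tcp -s "$A_NET" ! -d "$A_NET" -j ACCEPT
    iptables -t filter -A FORWARD -i eth0 -o eth0 -p udp -s "$A_NET" ! -d "$A_NET" -j ACCEPT
    iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source "${A_NET%/*}"

    #### Debugging: log what is about to be rejected. Rate-limited so that a
    # packet flood cannot fill the log; prefixes tell the chains apart.
    iptables -t filter -A INPUT -m limit --limit 5/min -j LOG --log-prefix "fw-input: "
    iptables -t filter -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "fw-forward: "
    iptables -t filter -A OUTPUT -m limit --limit 5/min -j LOG --log-prefix "fw-output: "
    iptables -t filter -A INPUT -j REJECT
    iptables -t filter -A FORWARD -j REJECT
    iptables -t filter -A OUTPUT -j REJECT
    ;;
  stop)
    echo "Firewall stopping ..."
    # Flush both tables and open every filter chain. The original only reset
    # INPUT and OUTPUT and left the nat table and the FORWARD policy behind.
    iptables -t filter -F
    iptables -t filter -X
    iptables -t nat -F
    iptables -t nat -X
    iptables -t filter -P INPUT ACCEPT
    iptables -t filter -P FORWARD ACCEPT
    iptables -t filter -P OUTPUT ACCEPT
    ;;
  *)
    echo "Usage: $0 {start|stop}" >&2
    exit 1
    ;;
esac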