configuring firewalls with iptables
Which is the standard way in SuSE to configure a firewall without using SuSEfirewall, just plain IPtables, or how can I do it (I don't wanna do a dirty script and put it anywhere and run it at anytime). thank you. Carpe diem!
--
Pupeno: pupeno@pupeno.com.ar
http://www.pupeno.com.ar
Pupeno wrote:
Which is the standard way in SuSE to configure a firewall without using SuSEfirewall, just plain IPtables, or how can I do it (I don't wanna do a dirty script and put it anywhere and run it at anytime). thank you. Carpe diem!
A good start is the following script, hope that's OK for you :)

#!/bin/sh
IPTABLES="/usr/sbin/iptables"
WORLDDEV="ppp0"

# connection tracking for ftp
insmod ip_conntrack_ftp

# create and flush mychain
$IPTABLES -N mychain
$IPTABLES -F mychain

# stateful filtering
$IPTABLES -A mychain -m state --state ESTABLISHED,RELATED -j ACCEPT

# new connections can come local or internal, but not from outside
$IPTABLES -A mychain -m state --state NEW -i ! $WORLDDEV -j ACCEPT

# if you want logging, uncomment this line. It logs with the prefix Firewall:
#$IPTABLES -A mychain -j LOG --log-prefix "Firewall: "

# we want to reject/drop all other packets
# (appended to mychain; no chain named "default" is created above)
$IPTABLES -A mychain -j REJECT

# all packets incoming or forwarded go to mychain
$IPTABLES -A INPUT -j mychain
$IPTABLES -A FORWARD -j mychain

--
intraDAT AG http://www.intradat.com
Wilhelm Leuschner Strasse 9-11, 60329 Frankfurt
Tel: +49-69-25629-0 Fax: +49-69-25629-256
Which is the standard way in SuSE to configure a firewall without using SuSEfirewall, just plain IPtables, or how can I do it (I don't wanna do a dirty script and put it anywhere and run it at anytime). thank you. Carpe diem!
Make sure the 2.4 ipchains module is not loaded; netfilter cannot have the compatibility modules loaded with iptables at the same time.

Rob
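A pre-flight check for the module conflict described in the reply above, as an added example that is not part of the thread or any poster's code. It assumes the module list is readable in /proc/modules format (module name in the first field); the function names and the sample module list are constructed for illustration, and ipfwadm is included as the other 2.4 compatibility module alongside the ipchains module named in the thread.

```shell
#!/bin/sh
# Added example: refuse to load iptables rules while a 2.4 compatibility
# module is loaded. Function names here are hypothetical.

# ipchains is named in the thread; ipfwadm is the other 2.4 compat module.
COMPAT_MODULES="ipchains ipfwadm"

# Print every compat module found in the module list (default /proc/modules).
conflicting_modules() {
    modfile="${1:-/proc/modules}"
    [ -r "$modfile" ] || return 0
    for m in $COMPAT_MODULES; do
        # Exact match on the first field, so ip_tables or ipchains_foo do not count.
        awk -v want="$m" '$1 == want { print $1 }' "$modfile"
    done
}

# Return 0 when no compat module is loaded, 1 (with a message) otherwise.
preflight_ok() {
    found=$(conflicting_modules "$1")
    if [ -n "$found" ]; then
        echo "compat module(s) loaded:" $found >&2
        echo "unload with rmmod before running the iptables script" >&2
        return 1
    fi
    return 0
}

# Demo on a constructed module list (not captured from a real system).
demo() {
    sample=$(mktemp)
    printf '%s\n' 'ipchains 38976 0 (unused)' \
                  'ppp_generic 15664 1' > "$sample"
    if preflight_ok "$sample"; then
        echo "safe to load iptables rules"
    else
        echo "blocked: fix the module conflict first"
    fi
    rm -f "$sample"
}
demo
```

Called with no argument, `preflight_ok` reads the live /proc/modules, so a firewall init script can run it first and stop before touching any rules.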
participants (3): Pupeno, Robert Davies, Sven Michels