Mailinglist Archive: opensuse-security (485 mails)

< Previous Next >
Re: [suse-security] firewall help..
  • From: Ralf Ronneburger <ralf@xxxxxxxxxxxxxx>
  • Date: Thu, 04 Mar 2004 11:14:44 +0100
  • Message-id: <40470194.5050307@xxxxxxxxxxxxxx>
Hi,

something else:

#=======================================================
# Allow all outbound connections from LAN(eth1 & eth2)
# to Internet(eth0)
# Allow only return traffic from those connections
#=======================================================
echo "Allow forwarding for 192.168.48.0 subnet..."
echo "Allow forwarding for 192.168.5.0 subnet..."

iptables -A FORWARD -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT


This allows forwarding from everywhere to everywhere, beware to use this! Instead change it to:

iptables -A FORWARD -i $INTIF1 -o $EXTIF -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $INTIF2 -o $EXTIF -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

Greetings,

Ralf


< Previous Next >
References